Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
algoliasearch-helper 安全漏洞
Vulnerability Description
algoliasearch-helper是开源的一个JavaScript模块,它可以帮助您跟踪搜索参数并提供更高级别的 API。 algoliasearch-helper 存在安全漏洞,该漏洞源于3.6.2之前的包algoliassearch -helper因parseNumbers对原型属性没有任何保护所以很容易受到原型污染。
CVSS Information
N/A
Vulnerability Type
N/A