CNNVD-202509-4280 Information
CNNVD ID
CNNVD-202509-4280
Related CVE
-
CNNVD Published: 2025-09-27
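Description (translated from Chinese)
algoliasearch-helper is an open-source JavaScript module from Algolia that helps you track search parameters and provides a higher-level API. algoliasearch-helper versions from 2.0.0-rc1 up to, but not including, 3.11.2 contain a security vulnerability. It stems from prototype pollution in the _merge function in merge.js and may lead to execution of code contained in user-supplied search parameters.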
Description (English)
algoliasearch-helper is an open-source JavaScript module from Algolia that helps you track search parameters and provides a higher-level API. Versions of algoliasearch-helper from 2.0.0-rc1 up to, but not including, 3.11.2 contain a security vulnerability caused by prototype pollution in the _merge function in merge.js, which could lead to execution of code contained in user-supplied search parameters.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Algolia
Published
2025-09-27
Last Modified
2026-02-24
References
https://github.com/algolia/algoliasearch-helper-js/commit/776dff23c87b0902e554e02a8c2567d2580fe12a
https://github.com/algolia/algoliasearch-helper-js/issues/922
https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-3318396
Patch
https://github.com/algolia/algoliasearch-helper-js/releases