{"id":"CVE-2021-23433","details":"The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.","aliases":["GHSA-vpf5-82c8-9v36"],"modified":"2026-04-10T04:30:37.855487Z","published":"2021-11-19T20:15:17.903Z","related":["SNYK-JS-ALGOLIASEARCHHELPER-1570421"],"references":[{"type":"WEB","url":"https://github.com/algolia/algoliasearch-helper-js/blob/3.5.5/src/SearchParameters/index.js%23L291"},{"type":"FIX","url":"https://github.com/algolia/algoliasearch-helper-js/commit/4ff542b70b92a6b81cce8b9255700b0bc0817edd"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/algolia/algoliasearch-helper-js","events":[{"introduced":"0"},{"fixed":"0da37cc540275a7500db246155a8d783b45b514e"},{"fixed":"4ff542b70b92a6b81cce8b9255700b0bc0817edd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.6.2"}]}}],"versions":["1.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.10.0","2.11.0","2.11.1","2.12.0","2.13.0","2.14.0","2.15.0","2.16.0","2.17.0","2.17.1","2.18.0","2.18.1","2.19.0","2.2.0","2.20.0","2.20.1","2.21.0","2.21.1","2.21.2","2.22.0","2.23.0","2.23.1","2.23.2","2.24.0","2.25.0","2.25.1","2.26.0","2.26.1","2.28.0","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.4.0","2.5.0","2.5.1","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.8.1","2.9.0","2.9.1","3.0.0","3.1.0","3.1.1","3.1.2","3.2.0","3.2.1","3.2.2","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.4.0","3.4.1","3.4.2","3.4.3","3.4.4","3.4.5","3.5.0","3.5.1","3.5.2","3.5.3","3.5.4","3.5.5","3.6.0","3.6.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/os
v-output/CVE-2021-23433.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}