CVE-2025-3193 | algoliasearch-helper up to 3.11.1 Search Parameter merge.js _merge prototype pollution (SNYK-JS-ALGOLIASEARCHHELPER-3318396)

Inserito da Angelo Barbosa | Set 27, 2025 | CVE

A vulnerability labeled as problematic has been found in algoliasearch-helper up to 3.11.1. The impacted element is the function _merge of the file merge.js of the component Search Parameter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is listed as CVE-2025-3193. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.

CVE-2025-3193 | algoliasearch-helper up to 3.11.1 Search Parameter merge.js _merge prototype pollution (SNYK-JS-ALGOLIASEARCHHELPER-3318396)

Post correlati

CVE-2022-36418 | Vagary Digital HREFLANG Tags Lite Plugin up to 2.0.0 on WordPress authorization

CVE-2023-41705 | Open-Xchange OX App Suite up to 7.6.3-rev71/7.10.6-rev55/8.20 DAV User-Agent String resource consumption

CVE-2025-9948 | Chat by Chatwee Plugin up to 2.1.3 on WordPress Setting cross-site request forgery

CVE-2024-39930 | Gogs up to 0.13.0 SSH Connection internal/ssh/ssh.go argument injection