algoliasearch-helper up to 3.6.1 Prototype index.jsSearchParameters._parseNumbers merge code injection

A vulnerability, which was classified as problematic, was found in algoliasearch-helper up to 3.6.1. This affects the function merge of the file src/SearchParameters/index.jsSearchParameters._parseNumbers of the component Prototype Handler. Upgrading to version 3.6.2 eliminates this vulnerability. Applying the patch 4ff542b70b92a6b81cce8b9255700b0bc0817edd is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-34066 : TEXERCISE UP TO 0.0.12 ON PYTHON BACKDOOR

CVE-2022-34066 : TEXERCISE UP TO 0.0.12 ON PYTHON BACKDOOR

Description The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

Description Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4 References

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

Description A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker