CVE-2025-3193 | algoliasearch-helper up to 3.11.1 Search Parameter merge.js _merge prototype pollution (SNYK-JS-ALGOLIASEARCHHELPER-3318396)

A vulnerability labeled as problematic has been found in algoliasearch-helper up to 3.11.1. The impacted element is the function _merge of the file merge.js of the component Search Parameter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is listed as CVE-2025-3193. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More