Количество 2
Количество 2
CVE-2025-62517
Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.
GHSA-xcg2-9pp4-j82x
rollbar vulnerable to Prototype Pollution in merge()
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62517 Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input. | CVSS3: 5.9 | 0% Низкий | 4 месяца назад |
| GHSA-xcg2-9pp4-j82x rollbar vulnerable to Prototype Pollution in merge() | CVSS3: 5.9 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу