CVE-2025-62517
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-62517
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-62517.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-62517
- Aliases
- Published
- 2025-10-23T19:52:15Z
- Modified
- 2025-10-25T04:19:28.871756Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Rollbar.js Prototype Pollution Vulnerability in merge()
- Details
-
Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.
- Database specific
{ "cwe_ids": [ "CWE-1321" ] }- References
-
- https://github.com/rollbar/rollbar.js/security/advisories/GHSA-xcg2-9pp4-j82x
- https://github.com/rollbar/rollbar.js/commit/61032fe6c208b71e249514800808a54bcb8cb8bb
- https://github.com/rollbar/rollbar.js/commit/d717def8b68f4a947975d0aebb729869cdb2d343
- https://github.com/rollbar/rollbar.js/pull/1390
- https://github.com/rollbar/rollbar.js/pull/1394
Affected packages
Git / github.com/rollbar/rollbar.js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rollbar/rollbar.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.7
v0.10.8
v1.*
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-beta3
v1.0.0-beta4
v1.0.0-beta5
v1.0.0-beta6
v1.0.0-beta7
v1.0.0-beta8
v1.0.0-beta9
v1.0.0-rc.1
v1.0.0-rc.10
v1.0.0-rc.11
v1.0.0-rc.2
v1.0.0-rc.3
v1.0.0-rc.4
v1.0.0-rc.5
v1.0.0-rc.6
v1.0.0-rc.7
v1.0.0-rc.8
v1.0.0-rc.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.0-alpha.1
v1.3.0-alpha.2
v1.3.0-alpha.3
v1.3.0-alpha.4
v1.3.0-alpha.5
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.3.0-rc.4
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v2.*
v2.0.0
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-alpha.8
v2.0.0-alpha.9
v2.0.0-beta.1
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.11.0
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.14.0
v2.14.1
v2.14.10
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.14.9
v2.15.0
v2.15.1
v2.15.2
v2.16.0
v2.16.1
v2.16.2
v2.17.0
v2.18.0
v2.19.0
v2.19.1
v2.19.2
v2.19.3
v2.19.4
v2.2.0
v2.2.0-alpha.1
v2.2.1
v2.2.10
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.20.0
v2.21.0
v2.21.1
v2.22.0
v2.23.0
v2.24.0
v2.24.1
v2.25.0
v2.25.1
v2.25.2
v2.26.0
v2.26.1
v2.26.2
v2.26.3
v2.26.4
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.9.0