PT-2025-43560 · Rollbar · Rollbar.Js
Published: 2025-10-23 · Updated: 2025-10-28 · CVE-2025-62517
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Rollbar.js versions prior to 2.26.5
Rollbar.js versions 3.0.0-alpha1 through 3.0.0-beta5
Description
Rollbar.js provides error tracking and logging from JavaScript to Rollbar. A prototype pollution issue exists in the merge() function when application code calls rollbar.configure() with untrusted input. A workaround is to ensure that values passed to rollbar.configure() do not contain untrusted input.
Recommendations
Update to version 2.26.5 or later.
Update to version 3.0.0-beta5 or later.
Ensure that values passed to rollbar.configure() do not contain untrusted input.
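One way to apply the workaround above, as an added example (not Rollbar's code and not part of the advisory): strip prototype-related keys from parsed input before it reaches rollbar.configure(). `sanitizeConfig` and `naiveMerge` are hypothetical names, `naiveMerge` is only a stand-in for a recursive merge without key checks, and the payload is constructed.

```javascript
// Added example; sanitizeConfig/naiveMerge are hypothetical, not Rollbar APIs.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Deep-copy `value`, dropping prototype-related keys at every depth.
function sanitizeConfig(value, depth = 0) {
  if (depth > 32) throw new RangeError('config nested too deeply');
  if (Array.isArray(value)) return value.map((v) => sanitizeConfig(v, depth + 1));
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const key of Object.keys(value)) { // own keys only, as JSON.parse creates them
    if (BLOCKED_KEYS.has(key)) continue;
    clean[key] = sanitizeConfig(value[key], depth + 1);
  }
  return clean;
}

// Stand-in for an unguarded recursive merge (illustrative, not Rollbar's merge()).
// Fed a raw "__proto__" key it would recurse into Object.prototype.
function naiveMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed sample of attacker-influenced JSON (for example, a request body).
const untrusted = JSON.parse(
  '{"environment":"production",' +
  '"payload":{"__proto__":{"polluted":true},"tag":"web"},' +
  '"constructor":{"prototype":{"polluted":true}}}'
);

// Only the sanitized copy is ever merged; with the real library this is the
// value that would be handed to rollbar.configure().
function demo() {
  const safe = sanitizeConfig(untrusted);
  const merged = naiveMerge({}, safe);
  return { safe, merged, leaked: ({}).polluted };
}
```

The deny-list covers the keys that reach a prototype; where the set of expected options is known, copying only those named options is stricter still.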
Prototype Pollution
Weakness Enumeration
Related Identifiers
Affected Products
Rollbar.Js