CVE-2025-62517: rollbar vulnerable to Prototype Pollution in merge()
Prototype pollution vulnerability in the merge() helper of rollbar.js. Keys from the object passed to rollbar.configure() are merged into the existing configuration without being filtered, so if application code calls rollbar.configure() with untrusted input (for example, options derived from a request body or query string), a key such as __proto__ can write attacker-chosen properties onto Object.prototype, and every object in the process then inherits them. Applications that only pass static, developer-controlled configuration to rollbar.configure() are not reachable through this path.
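The following is an added illustration, not code from rollbar.js or from the advisory: a naive recursive merge of the kind that prototype-pollution advisories describe, beside a hardened variant. The function names (naiveMerge, safeMerge, demonstrateVulnerable, demonstrateSafe) and the untrusted JSON input are constructed for this example and stand in for whatever rollbar.configure() would receive from an attacker-influenced source.

```javascript
// Added example (not rollbar.js code). Assumed names: naiveMerge, safeMerge,
// isPlainObject, demonstrateVulnerable, demonstrateSafe.

// Attacker-controlled JSON, constructed for this example. JSON.parse creates an
// OWN data property literally named "__proto__", which Object.keys() will list.
const UNTRUSTED_JSON = '{"__proto__":{"polluted":"yes"},"environment":"prod"}';

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: every source key is copied without filtering. For the key
// "__proto__", target[key] resolves through the inherited accessor to
// Object.prototype, so the recursion writes attacker-chosen properties there.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the three keys that can reach a prototype, and only recurse
// into properties the target actually owns (never into inherited ones).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the vulnerable merge on the untrusted input and reports whether an
// unrelated, freshly created object now sees the injected property. Removes
// the injected property afterwards so the pollution does not outlive the demo.
function demonstrateVulnerable() {
  const config = naiveMerge({ environment: 'dev' }, JSON.parse(UNTRUSTED_JSON));
  const leaked = ({}).polluted; // "yes": Object.prototype was written to
  delete Object.prototype.polluted;
  return { environment: config.environment, leaked };
}

// Same input through the hardened merge: the legitimate key is applied, the
// __proto__ key is dropped, and Object.prototype is left untouched.
function demonstrateSafe() {
  const config = safeMerge({ environment: 'dev' }, JSON.parse(UNTRUSTED_JSON));
  return {
    environment: config.environment,
    leaked: ({}).polluted, // undefined
    hasProtoKey: Object.prototype.hasOwnProperty.call(config, '__proto__'),
  };
}

console.log(demonstrateVulnerable());
console.log(demonstrateSafe());
```

The check a practitioner wants is the one demonstrateVulnerable() performs: after merging untrusted input, inspect a brand-new object literal for the injected key. If it is present, the merge reached Object.prototype and every consumer of plain objects in the process (option lookups, feature flags, template data) can now observe attacker-controlled values.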
References
- github.com/advisories/GHSA-xcg2-9pp4-j82x
- github.com/rollbar/rollbar.js
- github.com/rollbar/rollbar.js/commit/61032fe6c208b71e249514800808a54bcb8cb8bb
- github.com/rollbar/rollbar.js/commit/d717def8b68f4a947975d0aebb729869cdb2d343
- github.com/rollbar/rollbar.js/pull/1390
- github.com/rollbar/rollbar.js/pull/1394
- github.com/rollbar/rollbar.js/security/advisories/GHSA-xcg2-9pp4-j82x
- nvd.nist.gov/vuln/detail/CVE-2025-62517
Detect and mitigate CVE-2025-62517 with GitLab Dependency Scanning, which checks the open source dependencies used in a project against disclosed vulnerabilities.