Description

Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.

INFO

Published Date :

2025-10-23T19:52:15.376Z

Last Modified :

2025-10-23T20:16:08.104Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62517 vulnerability.

Vendors Products
Rollbar
  • Rollbar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62517.

URL Resource
https://github.com/rollbar/rollbar.js/commit/61032fe6c208b71e249514800808a54bcb8cb8bb cve-icon cve-icon
https://github.com/rollbar/rollbar.js/commit/d717def8b68f4a947975d0aebb729869cdb2d343 cve-icon cve-icon
https://github.com/rollbar/rollbar.js/pull/1390 cve-icon cve-icon
https://github.com/rollbar/rollbar.js/pull/1394 cve-icon cve-icon
https://github.com/rollbar/rollbar.js/security/advisories/GHSA-xcg2-9pp4-j82x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact