CNNVD-202510-3196 Information
CNNVD ID
CNNVD-202510-3196
Related CVE
-
CNNVD Published: 2025-10-23
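Description (translated from Chinese)
Rollbar.js is an open-source error tracking and logging library from Rollbar. Rollbar.js versions before 2.26.5, and versions from 3.0.0-alpha1 to before 3.0.0-beta5, contain a security vulnerability. The vulnerability stems from prototype pollution in the merge function, which may allow malicious input to pollute the prototype chain.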
Description (English)
Rollbar.js is Rollbar's open-source library for error tracking and logging. Rollbar.js versions before 2.26.5, and versions from 3.0.0-alpha1 to before 3.0.0-beta5, contain a security vulnerability that stems from prototype pollution in the merge function, which may allow malicious input to pollute the prototype chain.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Rollbar
Published
2025-10-23
Last Modified
2026-02-24
References
https://github.com/rollbar/rollbar.js/commit/61032fe6c208b71e249514800808a54bcb8cb8bb
https://github.com/rollbar/rollbar.js/commit/d717def8b68f4a947975d0aebb729869cdb2d343
https://github.com/rollbar/rollbar.js/pull/1390
https://github.com/rollbar/rollbar.js/pull/1394
https://github.com/rollbar/rollbar.js/security/advisories/GHSA-xcg2-9pp4-j82x
Patch
https://github.com/rollbar/rollbar.js/releases