Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rollbar(npm) | 0 | 2.26.5 | N/A |
| rollbar(npm) | 3.0.0-alpha1 | 3.0.0-beta5 | N/A |
CVSS Metrics
