CVE-2025-49223 | THREATINT

Description

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

PUBLISHED Reserved 2025-06-04 | Published 2025-06-04 | Updated 2025-06-04 | Assigner naver

Problem types

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

Default status

affected

3.15.1

unaffected

Credits

Anonymous finder

References

cve.naver.com/detail/cve-2025-49223.html (NAVER Security Advisory) vendor-advisory

cve.org (CVE-2025-49223)

nvd.nist.gov (CVE-2025-49223)

Download JSON