CVE-2025-49223

Summary

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected Software

VendorProductVersion RangeStatus
NAVERbillboard.js3.15.1unaffected

Weaknesses

  • CWE-1321: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References