Critical severityNVD Advisory· Published Jun 4, 2025· Updated Jun 4, 2025
CVE-2025-49223
CVE-2025-49223
Description
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
billboard.jsnpm | < 3.15.1 | 3.15.1 |
Affected products
2- Range: 3.15.1
Patches
Vulnerability mechanics
References
5- cve.naver.com/detail/cve-2025-49223.htmlghsavendor-advisoryWEB
- github.com/advisories/GHSA-65p9-j6pg-72hjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-49223ghsaADVISORY
- github.com/naver/billboard.js/blob/938f263feca453fba5a4dc48d86b32cc5b509443/src/core.tsghsaWEB
- github.com/naver/billboard.js/commit/82ea7ac4f5720d6a7f0c2fa5a5dad51a549667bbghsaWEB
News mentions
0No linked articles in our index yet.