What the vulnerability does

01Description

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Key dates

02Disclosure timeline

June 4, 2025 CVE published
June 4, 2025 Record updated