Prototype Pollution in zrender

Low
pissang published GHSA-fhv8-fx5f-7fxf Sep 17, 2021

Package

zrender (npm)

Affected versions

<= 5.2.0, <= 4.3.2

Patched versions

5.2.1, 4.3.3

Description

Impact

The merge and clone helper methods in the src/core/util.ts module are vulnerable to prototype pollution. This also affects the popular data visualization library Apache ECharts, which uses these two methods and exports them directly.

Patches

It has been patched in #826.
Users should update zrender to 5.2.1, and also update echarts to 5.2.1 if the project uses echarts.
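
As an added illustration (not code from zrender or from this advisory), the following JavaScript shows how a recursive merge helper of this kind can write through a `__proto__` key, next to a variant that skips prototype-related keys. The names `unsafeMerge`, `safeMerge`, `demo` and `SAMPLE`, and the sample input itself, are assumptions made for the example.

```javascript
// Added illustration: simplified helpers, not zrender's src/core/util.ts.
const isObject = (v) => v !== null && typeof v === 'object';

// Unsafe: for...in also visits an own "__proto__" key (as JSON.parse creates),
// and target["__proto__"] resolves to Object.prototype, so the recursion
// writes untrusted keys onto the prototype shared by every object.
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isObject(source[key]) && isObject(target[key])) {
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: own keys only, and prototype-related keys are never followed.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObject(source[key]) && isObject(target[key])) {
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Constructed sample input (hypothetical chart option received as JSON).
const SAMPLE = '{"title": {"text": "chart"}, "__proto__": {"polluted": true}}';

// Merges SAMPLE with the given helper and reports whether a fresh, unrelated
// object now inherits the "polluted" property.
function demo(mergeFn) {
  const merged = mergeFn({ title: {} }, JSON.parse(SAMPLE));
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // undo so later calls start clean
  return { text: merged.title.text, leaked };
}

console.log('unsafeMerge:', demo(unsafeMerge));
console.log('safeMerge:  ', demo(safeMerge));
```

Freezing `Object.prototype` or merging into objects created with `Object.create(null)` are complementary defenses for code that cannot upgrade immediately.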

References

NA

For more information

NA

Severity

Low

CVE ID

CVE-2021-39227