Lucene search
GoogleOSV:CVE-2021-39227HistorySep 17, 2021 - 2:15 p.m.
CVE-2021-39227
2021-09-1714:15:08
Google
osv.dev
4
zrender
prototype pollution
apache echarts
security vulnerability
github advisory
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is __proto__ in the object keys. Omit it before using it as an parameter in these affected methods. Or in echarts.util.merge and setOption if project is using ECharts.
Related
prion
prion
Design/Logic Flaw
2021-09-17 14:15:00
osv
osv
Prototype Pollution in the merge and clone helper methods
2021-09-20 19:53:15
cvelist
cvelist
veracode
veracode
Prototype Pollution
2021-09-20 07:49:48
cve
cve
CVE-2021-39227
2021-09-17 14:15:08
github
github
Prototype Pollution in the merge and clone helper methods
2021-09-20 19:53:15
nvd
nvd
CVE-2021-39227
2021-09-17 14:15:08
