EPSS
Percentile
64.7%
zrender is vulnerable to prototype pollution. An attacker is able to inject malicious property using merge and clone helper methods in the src/core/util.ts causing prototype pollution via __proto__ .
merge
clone
src/core/util.ts
__proto__
github.com/ecomfe/zrender/pull/826
github.com/ecomfe/zrender/releases/tag/5.2.1
github.com/ecomfe/zrender/security/advisories/GHSA-fhv8-fx5f-7fxf