Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39227: Prototype Pollution in zrender

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is __proto__ in the object keys. Omit it before using it as an parameter in these affected methods. Or in echarts.util.merge and setOption if project is using ECharts.

CVE
Open in Source
#vulnerability#apache#git

Impact

Using merge and clone helper methods in the src/core/util.ts module will have prototype pollution. It will affect the popular data visualization library Apache ECharts, which is using and exported these two methods directly.

Patches

It has been patched in #826.
Users should update zrender to 5.2.1. and update echarts to 5.2.1 if project is using echarts.

References

NA

For more information

NA

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE