CVE-2021-39227
CVE-2021-39227 affects ZRender prior to 5.2.1, enabling prototype pollution via the merge and clone helpers in src/core/util.ts. Apache ECharts uses and exports these methods, so the vulnerability can impact dependent code paths. The issue is patched in ZRender 5.2.1; a documented workaround is t...