Apache · Apache ECharts · CVE-2021-39227
**Name of the Vulnerable Software and Affected Versions**
ZRender versions prior to 5.2.1
Apache ECharts versions prior to 5.2.1
**Description**
The issue results in prototype pollution when using `merge` and `clone` helper methods in the `src/core/util.ts` module. It affects Apache ECharts, which uses and exports these methods directly. A proof of concept is available on the GitHub Security Advisory page.
**Recommendations**
For ZRender versions prior to 5.2.1, update to version 5.2.1.
For Apache ECharts versions prior to 5.2.1, update to version 5.2.1.
As a temporary workaround, check if there is `__proto__` in the object keys and omit it before using it as a parameter in the affected methods, such as `echarts.util.merge` and `setOption`.
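
One way to apply the temporary workaround above, as an added example that is not code from ZRender, Apache ECharts or the advisory: it deep-copies option data while omitting every own `__proto__` key, and can report where such keys appeared. The function names and the sample JSON are constructed for illustration.

```javascript
// Added example (not ZRender/ECharts code): omit "__proto__" keys from untrusted
// option data before it reaches echarts.util.merge or setOption.

// Only plain objects and arrays are copied; Dates, functions, DOM nodes pass through.
function isPlainObject(v) {
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Deep-copy `value`, skipping every own "__proto__" key.
function stripProtoKeys(value, seen = new WeakMap()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return seen.get(value); // keep cycles and shared references
  if (Array.isArray(value)) {
    const arr = [];
    seen.set(value, arr);
    for (const item of value) arr.push(stripProtoKeys(item, seen));
    return arr;
  }
  if (!isPlainObject(value)) return value;
  const out = {};
  seen.set(value, out);
  // JSON.parse stores "__proto__" as an own enumerable key, so Object.keys sees it.
  for (const key of Object.keys(value)) {
    if (key === '__proto__') continue;
    out[key] = stripProtoKeys(value[key], seen);
  }
  return out;
}

// Report where "__proto__" keys occur, e.g. to log rejected input (acyclic data only).
function findProtoKeys(value, path = '$', hits = []) {
  if (value === null || typeof value !== 'object') return hits;
  for (const key of Object.keys(value)) {
    const child = Array.isArray(value) ? `${path}[${key}]` : `${path}.${key}`;
    if (key === '__proto__') hits.push(child);
    else findProtoKeys(value[key], child, hits);
  }
  return hits;
}

// Constructed sample input, standing in for option JSON from an untrusted source.
const untrustedJson = '{"title":{"text":"Sales","__proto__":{"polluted":true}},' +
  '"series":[{"type":"bar","data":[1,2,3],"__proto__":{"polluted":true}}],' +
  '"__proto__":{"polluted":true}}';

function loadSafeOption(json) {
  return stripProtoKeys(JSON.parse(json));
}
```

The sanitized result of `loadSafeOption` is what would be handed to `setOption` or `echarts.util.merge`; upgrading to 5.2.1 remains the actual fix.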