CVE-2025-5150
docarray Web API torch_dataset.py __getitem__ prototype pollution
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
docarray Web API torch_dataset.py __getitem__ prototype pollution
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Eine kritische Schwachstelle wurde in docarray bis 0.40.1 ausgemacht. Betroffen davon ist die Funktion __getitem__ der Datei /docarray/data/torch_dataset.py der Komponente Web API. Mittels dem Manipulieren mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| 2025-05-24: | Advisory disclosed |
| 2025-05-24: | VulDB entry created |
| 2025-05-24: | VulDB entry last update |
Gavin Zhong (VulDB User)
vuldb.com/?id.310238 (VDB-310238 | docarray Web API torch_dataset.py __getitem__ prototype pollution)
vuldb.com/?ctiid.310238 (VDB-310238 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.574696 (Submit #574696 | docarray 0.40.1 Improperly Controlled Modification of Object Prototype Attribute)
gist.github.com/...rboy-zjc/56502343bcb12eb653081b426debf2c8
Support options
