CVE-2025-5150

Medium CVSS: 5.3

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Linuxfoundation

Product

Docarray

CWE

CWE-94

Yayın Tarihi

2025-05-25 15:15:22

Güncelleme

2025-06-03 12:58:43

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-94 Docarray MEDIUM Linuxfoundation 2025

Referanslar

https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8 https://vuldb.com/?ctiid.310238 https://vuldb.com/?id.310238 https://vuldb.com/?submit.574696 https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8

Benzer Kayıtlar

High

CVE-2026-27489

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,…

Critical

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I…

Medium

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop…

High

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo…

Medium

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat…

Medium

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop…