5 matches found
CVE-2025-61677
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677
DataChain is a Python-based AI-data warehouse. Versions 0.34.1 and earlier are vulnerable to deserialization of untrusted data caused by how the loader.py reads serialized objects from environment variables (e.g., DATACHAIN__METASTORE, DATACHAIN__WAREHOUSE). An attacker who can set these environm...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...