13 matches found
DataChain data_storage Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DataChain. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datastorage module...
CVE-2025-61677
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
EUVD-2025-32181
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
CVE-2025-61677 DataChain: Deserialization of Untrusted Data from Environment Variables
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and...
DataChain 代码问题漏洞
DataChain is a version control software from Iterative open source. A code issue vulnerability exists in DataChain 0.34.1 and prior versions, which stems from failure to validate data when reading serialized objects from environment variables, which could lead to code execution...
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
The DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and DATACHAINWAREHOUSE in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads...
GHSA-6PX8-MR29-CJ4R DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
The DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and DATACHAINWAREHOUSE in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads...
Deserialization of Untrusted Data
Overview datachain is a Wrangle unstructured AI data at scale Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loader.py module. An attacker can execute arbitrary code by setting crafted environment variables that are deserialized by the application...
PT-2025-40450
Name of the Vulnerable Software and Affected Versions DataChain versions 0.34.1 and below Description DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically DATACHAIN METASTORE a...
Malicious code in datachain (npm)
The package datachain was found to contain malicious code...
MAL-2025-17997 Malicious code in datachain (npm)
The package datachain was found to contain malicious code...