
13 matches found

RedhatCVE
added 2025/05/27 3:31 p.m. · 14 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8 CVSS · 7 AI score · 0.00385 EPSS
Exploits: 1 · References: 1

Snyk
added 2025/05/25 3:53 p.m. · 2 views

Prototype Pollution

Overview: docarray is the data structure for multimodal data. Affected versions of this package are vulnerable to Prototype Pollution due to a lack of sanitization of unauthorized internal object in the __getitem__ method. An attacker can manipulate object prototype attributes by sending a crafted...

8.8 CVSS · 8 AI score · 0.00385 EPSS
Exploits: 1 · References: 2

vulnersOsv
added 2025/05/25 3:53 p.m. · 0 views

alaas (>=0.1.6 <=0.2.1), annlite (>=0.3.14 <=0.4.0) +68 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.41.0)

docarray PYPI version =0.12.9, =0.1.6, =0.3.14, =0.0.3, =0.1.0, =0.1.0, =0.1.7, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.7, =0.3.7.post0 and more Source cves: CVE-2025-5150 Source advisory: SNYK:PYTHON-DOCARRAY-10246594...

8.8 CVSS · 6.5 AI score · 0.00385 EPSS
Exploits: 1

Github Security Blog
added 2025/05/25 3:30 p.m. · 12 views

docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8 CVSS · 6.6 AI score · 0.00385 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

vulnersOsv
added 2025/05/25 3:30 p.m. · 0 views

arcodeai (>=0.1.0 <=0.1.2), auto-retrieval-plugin (>=0.1.0 <=0.1.5) +42 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.40.0)

docarray PYPI version =0.12.9, =0.1.0, =0.1.0, =0.2.5, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.7, =0.3.9, =0.5.2, =0.3.9, =0.5.3 and more Source cves: CVE-2025-5150 Source advisory: OSV:GHSA-J9WP-865G-RF48...

8.8 CVSS · 6.5 AI score · 0.00385 EPSS
Exploits: 1

OSV
added 2025/05/25 3:30 p.m. · 4 views

GHSA-J9WP-865G-RF48 docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.3 CVSS · 6.9 AI score · 0.00385 EPSS
Exploits: 1 · References: 6

OSV
added 2025/05/25 3:15 p.m. · 1 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8 CVSS · 6.8 AI score
Exploits: 0 · References: 4

NVD
added 2025/05/25 3:15 p.m. · 11 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8 CVSS · 0.00385 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2025/05/25 3:00 p.m. · 11 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.5 CVSS · 6.3 AI score · 0.00385 EPSS
Exploits: 1 · References: 4

CVE
added 2025/05/25 3:00 p.m. · 73 views

CVE-2025-5150

CVE-2025-5150 affects docarray ≤ 0.40.1, specifically the Web API file /docarray/data/torch_dataset.py, where the vulnerable function is __getitem__. The issue enables prototype pollution via object prototype attributes, potentially allowing remote exploitation. Multiple sources corroborate a remote...

8.8 CVSS · 6.4 AI score · 0.00385 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2025/05/25 3:00 p.m. · 19 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.5 CVSS · 0.00385 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2025/05/25 12:00 a.m. · 2 views

PT-2025-22862 · Docarray · Docarray

Name of the Vulnerable Software and Affected Versions: docarray versions up to 0.40.1. Description: A critical issue affects the __getitem__ function of the /docarray/data/torch_dataset.py file in the Web API component. This issue leads to improperly controlled modification of object prototype...

8.8 CVSS · 6.2 AI score · 0.00385 EPSS
Exploits: 1 · References: 11

CNNVD
added 2025/05/25 12:00 a.m. · 1 views

DocArray security vulnerability

DocArray is an open source tool for representing, sending, storing, and searching multimodal data. A security vulnerability exists in DocArray 0.40.1 and earlier versions that stems from a prototype pollution issue in the file /docarray/data/torch_dataset.py...

8.8 CVSS · 6.3 AI score · 0.00385 EPSS
Exploits: 1 · References: 5