Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2025/05/27 3:31 p.m.24 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8CVSS7AI score0.00563EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/05/25 3:53 p.m.4 views

alaas (>=0.1.6 <=0.2.1), annlite (>=0.3.14 <=0.4.0) +73 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.41.0)

docarray PYPI version =0.12.9, =0.1.6, =0.3.14, =0.0.3, =0.1.0, =0.1.0, =0.1.7, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.5.7 - fasr-enhancement-deepfilternet =0.5.7 - fasr-enhancement-dtln =0.5.7 and more Source cves: CVE-2025-5150 Source advisory: SNYK:PYTHON-DOCARRAY-10246594...

8.8CVSS6.5AI score0.00563EPSS
Exploits1
snyk
snyk
added 2025/05/25 3:53 p.m.7 views

Prototype Pollution

Overview docarray is a The data structure for multimodal data Affected versions of this package are vulnerable to Prototype Pollution due to a lack of sanitization of unauthorized internal object in the getitem method. An attacker can manipulate object prototype attributes by sending a crafted...

8.8CVSS8AI score0.00563EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2025/05/25 3:30 p.m.4 views

arcodeai (>=0.1.0 <=0.1.2), auto-retrieval-plugin (>=0.1.0 <=0.1.5) +46 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.40.0)

docarray PYPI version =0.12.9, =0.1.0, =0.1.0, =0.2.5, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.5.7 and more Source cves: CVE-2025-5150 Source advisory: OSV:GHSA-J9WP-865G-RF48...

8.8CVSS6.5AI score0.00563EPSS
Exploits1
github
github
added 2025/05/25 3:30 p.m.15 views

docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8CVSS6.6AI score0.00563EPSS
Exploits1References6Affected Software1
osv
osv
added 2025/05/25 3:30 p.m.6 views

GHSA-J9WP-865G-RF48 docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.3CVSS6.9AI score0.00563EPSS
Exploits1References6
nvd
nvd
added 2025/05/25 3:15 p.m.36 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

8.8CVSS0.00563EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/05/25 3:0 p.m.13 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.5CVSS6.3AI score0.00563EPSS
Exploits1References4
cve
cve
added 2025/05/25 3:0 p.m.91 views

CVE-2025-5150

CVE-2025-5150 affects docarray ≤ 0.40.1, specifically the Web API file /docarray/data/torch_dataset.py, where the vulnerable function is getitem . The issue enables prototype pollution via object prototype attributes, potentially allowing remote exploitation. Multiple sources corroborate a remote...

8.8CVSS6.4AI score0.00563EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2025/05/25 3:0 p.m.37 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

6.5CVSS0.00563EPSS
Exploits1References4
osv
osv
added 2025/05/25 3:0 p.m.4 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

5.3CVSS5.9AI score0.00563EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/05/25 12:0 a.m.6 views

DocArray 安全漏洞

DocArray is a DocArray open source tool for representing, sending, storing, and searching multimodal data. A security vulnerability exists in DocArray 0.40.1 and earlier versions that stems from a prototype contamination issue in the file /docarray/data/torchdataset.py...

8.8CVSS6.3AI score0.00563EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2025/05/25 12:0 a.m.7 views

PT-2025-22862

Name of the Vulnerable Software and Affected Versions docarray versions up to 0.40.1 Description A critical issue affects the getitem function of the /docarray/data/torch dataset.py file in the Web API component. This issue leads to improperly controlled modification of object prototype attribute...

8.8CVSS6.5AI score0.00563EPSS
Exploits1References15
Rows per page
Query Builder