CVE-2025-5150 | docarray up to 0.40.1 Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is handled as CVE-2025-5150. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5150 | docarray up to 0.40.1 Web API torch_dataset.py __getitem__ prototype pollution

Post correlati

CVE-2025-47539 | Eventin Plugin up to 4.0.26 on WordPress import_items authorization

CVE-2024-39291 | Linux Kernel up to 6.6.32/6.9.3 amdgpu cp_compute_microcode buffer overflow (19bd9537b6bc/f1b6a016dfa4/acce6479e30f)

CVE-2024-2352 | 1Panel up to 1.10.1-lts swap baseApi.UpdateDeviceSwap Path command injection (ID 4131)

CVE-2023-47526 | Chartify Plugin up to 2.0.6 on WordPress cross site scripting

CVE-2025-5150 | docarray up to 0.40.1 Web API torch_dataset.py getitem prototype pollution