CVE-2025-5150: 
Python vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-5150) was discovered in docarray versions up to 0.40.1, affecting the getitem function in the /docarray/data/torch_dataset.py file of the Web API component. The vulnerability was disclosed on May 25, 2025, and involves improperly controlled modification of object prototype attributes (prototype pollution). The vendor was contacted but did not respond to the disclosure (NVD).

The vulnerability exists in the getitem method of MultiModalDataset class which recursively searches python object via dotted paths from input without proper sanitization against unauthorized internal object access. This allows attackers to access internal class objects through paths like .class.base and manipulate them. The vulnerability has received a CVSS v3.1 Base Score of 6.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NVD, GitHub POC).

The vulnerability allows attackers to overwrite internal python runtime class objects, which can lead to Denial of Service (DoS) attacks. When combined with backend code enriching python runtime states, there is potential for Remote Code Execution (RCE) and Cross-Site Scripting (XSS) attacks. The impact is particularly severe when the multimodal dataset operation is deployed through web APIs like FastAPI (GitHub POC).

The recommended mitigation is to implement checks against unauthorized internal attributes access in the getitem method of MultiModalDataset. Organizations should upgrade to versions newer than 0.40.1 once a patch is available (GitHub POC).