CNNVD-202510-521 Information
Oct 03, 2025
cve
CNNVD ID
CNNVD-202510-521
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
DataChain是Iterative开源的一个版本控制软件。 DataChain 0.34.1及之前版本存在代码问题漏洞,该漏洞源于从环境变量读取序列化对象时未验证数据,可能导致代码执行。
Description (English)
DataChain is an Iteratotive open source version of the control software. DataChain 0.34.1 and previous versions had a code problem loophole, which stemmed from the failure to validate data when sequencing objects were read from environmental variables and could lead to code execution.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
Iterative
Published
2025-10-03
Last Modified
2026-02-24
References
https://github.com/iterative/datachain/commit/914b95610620d50c8d9bee506ccbfa7d4d57fdc0 https://github.com/iterative/datachain/pull/1358 https://github.com/iterative/datachain/security/advisories/GHSA-6px8-mr29-cj4r