Datachain · Datachain · CVE-2025-61677
**Name of the Vulnerable Software and Affected Versions**
DataChain versions 0.34.1 and below
**Description**
DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically `DATACHAIN__METASTORE` and `DATACHAIN__WAREHOUSE`, within the `loader.py` module. This process allows for deserialization of untrusted data. An attacker who can set these environment variables can trigger code execution when the application loads.
**Recommendations**
Update to version 0.34.2 or later.
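
One way to check a host for exposure to the issue described above, as an added example that is not part of the advisory or the DataChain project: it compares the installed `datachain` version against 0.34.2 and reports whether the two environment variables are set, without printing their values. The function names and status strings are assumptions made for this example.

```python
import os
import re
from importlib import metadata

FIXED = (0, 34, 2)  # first fixed release named in the advisory
ENV_VARS = ("DATACHAIN__METASTORE", "DATACHAIN__WAREHOUSE")

def parse_version(text):
    """Split '0.34.2rc1' into ((0, 34, 2), True); the flag marks a pre-release."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?(.*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    pre = bool(re.match(r"[-._]?(a|b|rc|dev|alpha|beta)", m.group(4), re.I))
    return release, pre

def assess(version, environ):
    """Classify exposure from a version string (None if absent) and an env mapping."""
    present = [name for name in ENV_VARS if environ.get(name)]
    if version is None:
        return {"status": "not-installed", "vars": present}
    release, pre = parse_version(version)
    # Assumption: a pre-release of the fixed version is treated as still affected.
    affected = release < FIXED or (release == FIXED and pre)
    if not affected:
        status = "patched"
    elif present:
        status = "vulnerable-vars-set"  # serialized objects would be loaded at startup
    else:
        status = "vulnerable"
    return {"status": status, "vars": present}

def installed_version(dist="datachain"):
    """Return the installed distribution version, or None if it is not installed."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

if __name__ == "__main__":
    result = assess(installed_version(), os.environ)
    # Only names are reported: the values may be attacker-supplied or sensitive.
    print(f"datachain exposure: {result['status']}; variables set: {result['vars']}")
```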