# PoC: DirectoryReader Path Traversal - Arbitrary File Read
**Vulnerability:** `torch/package/_directory_reader.py:35-48`. All three methods (`get_record()`, `get_storage_from_record()`, `has_record()`) build file paths by concatenating the base directory with unsanitized, user-supplied record names, so a name containing `../` sequences escapes the package directory and reads arbitrary files from the filesystem.
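The unsafe pattern described above is a plain join of the base directory with a caller-supplied record name. As an added example (not code from this repository or from torch), here is a hardened lookup that validates the name syntactically and then checks containment after resolving symlinks; `HardenedDirectoryReader`, `resolve_record_path` and the sample package directory built in `demo()` are hypothetical.

```python
import tempfile
from pathlib import Path


def is_safe_record_name(name: str) -> bool:
    """Reject absolute names and any '', '.' or '..' path component."""
    if not name or name.startswith(("/", "\\")):
        return False
    return all(p not in ("", ".", "..") for p in name.replace("\\", "/").split("/"))


def resolve_record_path(directory: str, name: str) -> Path:
    """Hardened join: validate the name, resolve symlinks, then confirm the
    result is still inside the base directory; raises ValueError if not."""
    if not is_safe_record_name(name):
        raise ValueError(f"unsafe record name: {name!r}")
    base = Path(directory).resolve()
    target = (base / name).resolve()
    # Containment is checked after resolution, so a symlink inside the package
    # pointing outside it is caught even though the name looked clean.
    if not target.is_relative_to(base):
        raise ValueError(f"record {name!r} resolves outside {base}")
    return target


class HardenedDirectoryReader:
    """Hypothetical reader (not torch's) whose lookups cannot leave the base dir."""

    def __init__(self, directory: str):
        self.directory = directory

    def has_record(self, name: str) -> bool:
        try:
            return resolve_record_path(self.directory, name).is_file()
        except ValueError:
            return False


def demo() -> dict:
    """Probe a throwaway package directory (constructed sample input, not a real package)."""
    with tempfile.TemporaryDirectory() as pkg, tempfile.TemporaryDirectory() as other:
        (Path(pkg) / "data").mkdir()
        (Path(pkg) / "data" / "weights.pkl").write_bytes(b"\x80\x02")
        (Path(other) / "secret.txt").write_text("outside the package")
        (Path(pkg) / "link.pkl").symlink_to(Path(other) / "secret.txt")
        reader = HardenedDirectoryReader(pkg)
        return {"benign": reader.has_record("data/weights.pkl"),
                "traversal": reader.has_record("../../../../etc/passwd"),
                "symlink_escape": reader.has_record("link.pkl")}
```

The symlink case matters because a syntactic `..` filter alone would still let a link planted inside the package reach files outside it.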
## Files

- `poc_dirreader_traversal.py`: full PoC (path traversal, filesystem probing and a realistic malicious-package scenario)
## Quick Start

```bash
pip install torch
python poc_dirreader_traversal.py
```
## Expected Output

- `get_record("../../../../etc/passwd")` reads `/etc/passwd` (3454 bytes, 60 lines)
- `has_record()` probes the filesystem for sensitive files (SSH keys, `/proc/self/environ`, etc.)
- The realistic malicious-package scenario reads `/etc/passwd` via `DirectoryReader`