
ModelScan logging.config.dictConfig bypass PoC

Private security disclosure artifact for the Huntr Model File Vulnerability program.

Contents

  • VULN_REPORT_2.md - technical vulnerability report
  • pocs/create_logging_dictconfig_pickle.py - PoC model-file generator
  • pocs/load_logging_dictconfig_pickle.py - local loader that demonstrates execution
  • pocs/logging_dictconfig_bypass.pkl - malicious pickle model file
  • pocs/logging_dictconfig_bypass.joblib - malicious joblib model file
  • pocs/modelscan_logging_dictconfig_pkl.json - local ModelScan result for the pickle file
  • pocs/modelscan_logging_dictconfig_joblib.json - local ModelScan result for the joblib file

Safety

These files are intentionally malicious proof-of-concept model files. Do not load the .pkl or .joblib files outside an isolated test environment.

The PoC was verified locally against ProtectAI ModelScan tag v0.8.8 (commit 61fcec9c2a37c24c1fb12d84ede30fe248a364bd): ModelScan reported zero issues for both files, and loading either file with Python 3.12 executed the embedded benign marker command.
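A practitioner reading the verification note above will want a check that does not depend on ModelScan's verdict: disassemble the pickle stream with pickletools, list every module and name it would import, and flag the ones that are code-execution sinks, with logging.config.dictConfig on that list. The script below is an added example written for this page; it is not the repository's PoC generator and not ModelScan's own detection logic. The deny-list, the helper names and the inert sample object (whose reduce step names dictConfig with a harmless config that is never loaded) are assumptions made for the example; pickletools.genops only disassembles, so nothing in the scanned bytes runs.

```python
"""Static pickle import audit (added example, not the repository's PoC)."""
import pickle
import pickletools
import logging.config

# Callables that execute attacker-controlled input when a REDUCE opcode
# invokes them. logging.config.dictConfig is listed because the note above
# shows ModelScan v0.8.8 passing a pickle that calls it. The list is an
# assumption for this example, not ModelScan's rule set.
DANGEROUS_GLOBALS = {
    ("logging.config", "dictConfig"),
    ("logging.config", "fileConfig"),
    ("os", "system"),
    ("subprocess", "Popen"),
    ("subprocess", "check_output"),
    ("builtins", "eval"),
    ("builtins", "exec"),
}

# Opcodes whose argument is a str pushed onto the unpickler stack; only these
# can supply the module/name operands that STACK_GLOBAL consumes.
_STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}
_MEMO_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_MEMO_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import, without loading it.

    GLOBAL carries both operands inline. STACK_GLOBAL (protocol 4+) takes them
    from the top two stack values, which a crafted pickle may push directly or
    fetch back out of the memo, so both routes are tracked.
    """
    found: list[tuple[str, str]] = []
    memo: dict[int, object] = {}
    pushed: list[object] = []   # values pushed so far, newest last
    last = None                 # most recently pushed value, for MEMOIZE/PUT
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(pushed) >= 2:
            module, name = pushed[-2], pushed[-1]
            if isinstance(module, str) and isinstance(name, str):
                found.append((module, name))
        # Track what lands on the stack so STACK_GLOBAL operands can be read.
        if op.name in _STRING_OPS:
            last = arg
        elif op.name in _MEMO_GET_OPS:
            last = memo.get(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last   # MEMOIZE stores stack top, pushes nothing
            continue
        elif op.name in _MEMO_PUT_OPS:
            memo[arg] = last
            continue
        elif op.stack_after:
            last = None              # something non-string was pushed
        else:
            continue                 # opcode pushes nothing
        pushed.append(last)
    return found


def scan_pickle(data: bytes) -> list[str]:
    """Dotted names of deny-listed callables the pickle imports, in order seen."""
    return [f"{m}.{n}" for m, n in extract_globals(data) if (m, n) in DANGEROUS_GLOBALS]


class _DictConfigCarrier:
    """Constructed sample: unpickling it would call logging.config.dictConfig.

    The config is deliberately inert ({"version": 1}) and the bytes are only
    disassembled, never loaded, so nothing executes in this example.
    """

    def __reduce__(self):
        return (logging.config.dictConfig, ({"version": 1},))


def build_sample(protocol: int = pickle.HIGHEST_PROTOCOL) -> bytes:
    """Serialise the carrier; pickling records the call, it does not run it."""
    return pickle.dumps(_DictConfigCarrier(), protocol=protocol)


def build_clean_sample() -> bytes:
    """A pickle with no imports at all, for comparison."""
    return pickle.dumps({"version": 1}, protocol=pickle.HIGHEST_PROTOCOL)


if __name__ == "__main__":
    for proto in (2, 4):
        print(f"protocol {proto}:", scan_pickle(build_sample(proto)))
    print("clean:", scan_pickle(build_clean_sample()))
```

Run it as-is to see the dictConfig reference reported for both the GLOBAL (protocol 2) and STACK_GLOBAL (protocol 4) encodings, or call `scan_pickle(open("model.pkl", "rb").read())` on a file you have not loaded; a .joblib file written with compression must be decompressed first, since genops expects a raw pickle stream. This is a deny-list, so it catches only sinks someone has thought to list; the safer policy from the Safety section stands, which is not to unpickle untrusted model files at all.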
