Security Research PoC — ModelScan denylist bypass (joblib)
This repository contains a proof-of-concept model file for a responsible vulnerability disclosure submitted to huntr.com / Protect AI (Model Format Vulnerability program).
It demonstrates that a .joblib model can achieve arbitrary code execution at
joblib.load() time while being reported as clean by ModelScan, because the
payload uses a stdlib module (cProfile.run) that is not in ModelScan's
unsafe_globals denylist.
The payload is benign (writes a marker file / prints a banner). Do not load this file outside an isolated test environment. For research purposes only.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support