# Joblib Memory Cache Poisoning PoC (RCE)

This repository contains a Proof-of-Concept (PoC) for a critical Deserialization vulnerability in the `joblib` library, specifically affecting the `joblib.Memory` caching mechanism.

## Files
- `output.pkl`: A malicious pickle file designed to trigger Arbitrary Code Execution (RCE).
- `reproduce.py`: A Python script that demonstrates the attack flow from a victim's perspective and an attacker's perspective.

## Vulnerability Overview
The vulnerability (CWE-502) allows an attacker with write access to a shared or persistent cache directory to overwrite legitimate cached results with malicious pickle payloads. `joblib` implicitly deserializes these files without integrity verification, leading to RCE.

## Steps to Reproduce
1. Install requirements:
   ```bash
   pip install joblib