You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Security Research: Compressed Joblib Scanner Evasion PoC

WARNING: This repository contains proof-of-concept model files for security research purposes only. These files demonstrate a scanner evasion vulnerability and should NOT be loaded on production systems.

Purpose

This repository hosts PoC model files demonstrating that compressed Joblib files bypass ModelScan v0.8.8 and Picklescan v1.0.4 static analysis while containing arbitrary code execution payloads.

Files

File	Description	Scanner Result
`malicious_compressed.joblib`	LZMA-compressed payload via `exec()`	0 issues (both scanners)
`malicious_uncompressed.joblib`	Same payload, no compression	Detected (both scanners)
`benign_reference.joblib`	Clean model for comparison	Clean

Reproduction

pip install joblib==1.5.3 modelscan==0.8.8 picklescan==1.0.4

# Scan compressed — MISSED
modelscan --path malicious_compressed.joblib
picklescan --path malicious_compressed.joblib

# Scan uncompressed — DETECTED
modelscan --path malicious_uncompressed.joblib  
picklescan --path malicious_uncompressed.joblib

# Load compressed — ACE triggers
python -c "import joblib; joblib.load('malicious_compressed.joblib')"

Responsible Disclosure

This vulnerability has been reported via Huntr's MFV bounty program.

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support