metadata
license: mit
tags:
- security-research
- proof-of-concept
- vulnerability-disclosure
Security Research: Compressed Joblib Scanner Evasion PoC
WARNING: This repository contains proof-of-concept model files for security research purposes only. These files demonstrate a scanner evasion vulnerability and should NOT be loaded on production systems.
Purpose
This repository hosts PoC model files demonstrating that compressed Joblib files bypass ModelScan v0.8.8 and Picklescan v1.0.4 static analysis while containing arbitrary code execution payloads.
Files
| File | Description | Scanner Result |
|---|---|---|
malicious_compressed.joblib |
LZMA-compressed payload via exec() |
0 issues (both scanners) |
malicious_uncompressed.joblib |
Same payload, no compression | Detected (both scanners) |
benign_reference.joblib |
Clean model for comparison | Clean |
Reproduction
pip install joblib==1.5.3 modelscan==0.8.8 picklescan==1.0.4
# Scan compressed — MISSED
modelscan --path malicious_compressed.joblib
picklescan --path malicious_compressed.joblib
# Scan uncompressed — DETECTED
modelscan --path malicious_uncompressed.joblib
picklescan --path malicious_uncompressed.joblib
# Load compressed — ACE triggers
python -c "import joblib; joblib.load('malicious_compressed.joblib')"
Responsible Disclosure
This vulnerability has been reported via Huntr's MFV bounty program.