Hugging Face's logo

baguette168
/
modelscan-bypass-poc

Tabular Classification
Joblib
security
cybersecurity
pickle
deserialization
arbitrary-code-execution
poc
modelscan
Model card Files
xet
Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

ModelScan Bypass PoC - Security Research

⚠️ This repository contains a proof-of-concept for security research purposes only.

This model file demonstrates a vulnerability in ModelScan's pickle scanner that allows arbitrary code execution while evading detection.

Do NOT load this file with joblib.load() on a production system.

Details

  • File: malicious_model.joblib
  • Scanner: ModelScan 0.8.7
  • Result: "No issues found" (false negative)
  • Actual behavior: Executes id > /tmp/modelscan_bypass_poc.txt on load

Reproduction 

pip install joblib modelscan

modelscan --path malicious_model.joblib
# Output: "No issues found"

# WARNING: The next command executes arbitrary code
python -c "import joblib; joblib.load('malicious_model.joblib')"
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
Tabular Classification
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support