cyberwawa/joblib-path-traversal-poc

Joblib Path Traversal + Decompression Bomb PoCs

Files

• path_traversal.joblib — NDArrayWrapper with ../../ in filename → arbitrary file read
• decompression_bomb.joblib — ZF format with length=2^64 → memory exhaustion DoS
• poc_3_path_traversal_ndarray_wrapper.py — Full PoC script with explanation

Root Cause (Path Traversal)

In numpy_pickle_compat.py:99:

filename = os.path.join(unpickler._dirname, self.filename)  # NO SANITIZATION

self.filename comes from the deserialized NDArrayWrapper, attacker-controlled.

Root Cause (Decompression Bomb)

In numpy_pickle_compat.py:43-58:

length = int(length, 16)  # from file header, up to 2^64
data = zlib.decompress(file_handle.read(), 15, length)  # huge allocation