Joblib Scanner Bypass PoC
Vulnerability
Malicious .joblib file achieves Arbitrary Code Execution when loaded via joblib.load(),
while bypassing both picklescan 1.0.4 and modelscan 0.8.8.
Technique
Uses a marshal.loads + types.FunctionType + importlib.import_module chain.
All three globals are classified as Suspicious (not Dangerous) by picklescan,
and none of them is present in modelscan's unsafe_globals configuration.
Scanners Bypassed
- picklescan 1.0.4: 0 dangerous globals detected
- modelscan 0.8.8: No issues found
Reproduction
```python
import joblib
# WARNING: This executes arbitrary code!
joblib.load('malicious_model.joblib')
```
Impact
Any application that calls joblib.load() on untrusted files is vulnerable to arbitrary code execution (ACE),
even when the files are first scanned with picklescan and modelscan.
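Because scanners can only flag what their deny-lists name, the mitigation a defender can actually rely on is to refuse every global that is not explicitly expected. The following is an added example (not code from this card, picklescan, modelscan or joblib) of the standard-library pattern: a pickle.Unpickler subclass whose find_class() consults an allowlist, so the GLOBAL/STACK_GLOBAL references the chain above depends on are rejected before anything is constructed. The allowlist contents and the sample pickles are constructed for the example; joblib.load() takes no unpickler argument in its public API, so this pattern is applied to the raw pickle stream.

```python
import io
import marshal
import pickle
from collections import OrderedDict

# Constructed allowlist: the only (module, name) pairs this loader will resolve.
# A real deployment enumerates the classes its own artifacts actually contain.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allowlist.

    find_class() is the hook pickle calls for GLOBAL and STACK_GLOBAL opcodes,
    so marshal.loads, types.FunctionType and importlib.import_module are all
    rejected here regardless of how a scanner classifies them.
    """

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                f"global {module}.{name} is not allowlisted")
        return super().find_class(module, name)


def safe_loads(data: bytes):
    """Deserialize a pickle byte stream under the allowlist policy."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def loads_or_error(data: bytes):
    """Return (True, object) on success or (False, reason) when a global is refused."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed samples. Pickling a function object by reference only records its
# module and name; nothing is executed when the sample is built.
SAMPLE_MODEL = pickle.dumps(OrderedDict([("weight", 0.5), ("bias", -0.1)]))
SAMPLE_BLOCKED = pickle.dumps(marshal.loads)

if __name__ == "__main__":
    print(loads_or_error(SAMPLE_MODEL))    # (True, OrderedDict(...))
    print(loads_or_error(SAMPLE_BLOCKED))  # (False, 'global marshal.loads is not allowlisted')
```

The allowlist must contain only constructors that are harmless to call with attacker-chosen arguments, since pickle's REDUCE opcode will invoke any callable find_class() hands back.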
Globals Used (all bypass detection)
- marshal.loads - Deserializes bytecode (picklescan: Suspicious, modelscan: not flagged)
- types.FunctionType - Creates executable function (picklescan: Suspicious, modelscan: not flagged)
- importlib.import_module - Provides builtins for function context (not flagged by either)
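The Technique section and the list above come down to which global names a scanner treats as dangerous. The following is an added example (not code from this card, picklescan or modelscan) of a static scanner that walks a pickle stream with pickletools.genops, which parses opcodes without executing anything, resolves GLOBAL and STACK_GLOBAL references (including the memo-fed form), and reports any that match a deny-list extended with the three globals named above. The deny-list and the sample streams are constructed for the example; the scanner takes raw pickle bytes, and applying it to a joblib file is assumed to require unwrapping joblib's container format (compression, embedded array buffers) first.

```python
import importlib
import marshal
import pickle
import pickletools

# Deny-list: the three globals this card reports as unflagged, plus a few
# classic code-execution entry points so the list is not limited to one chain.
DANGEROUS_GLOBALS = {
    "marshal.loads",
    "types.FunctionType",
    "importlib.import_module",
    "builtins.eval",
    "builtins.exec",
    "builtins.__import__",
    "os.system",
    "subprocess.Popen",
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def list_globals(data: bytes) -> list[str]:
    """Return every 'module.name' referenced by GLOBAL or STACK_GLOBAL opcodes.

    Only opcodes are parsed; no object is ever constructed. STACK_GLOBAL takes
    its module and name from the two most recent string pushes, which pickle
    may have routed through the memo, so memo slots holding strings are tracked.
    """
    found = []
    strings = []       # string constants pushed so far, in stream order
    memo = {}          # memo slot -> string, for GET-fed STACK_GLOBAL
    memo_next = 0      # next slot MEMOIZE will use
    prev = None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "MEMOIZE":
            if prev in STRING_OPS:
                memo[memo_next] = strings[-1]
            memo_next += 1
        elif op.name in PUT_OPS:
            if prev in STRING_OPS:
                memo[arg] = strings[-1]
        elif op.name in GET_OPS:
            if isinstance(memo.get(arg), str):
                strings.append(memo[arg])
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append(f"{strings[-2]}.{strings[-1]}")
        prev = op.name
    return found


def scan_pickle_bytes(data: bytes) -> list[str]:
    """Return the deny-listed globals found in the stream, deduplicated, in order."""
    hits = (g for g in list_globals(data) if g in DANGEROUS_GLOBALS)
    return list(dict.fromkeys(hits))


def scan_file(path: str) -> list[str]:
    """Scan an on-disk pickle stream."""
    with open(path, "rb") as fh:
        return scan_pickle_bytes(fh.read())


# Constructed samples. Pickling a function or class by reference records only
# its module and name, so building these streams executes nothing.
SAMPLE_MARSHAL = pickle.dumps(marshal.loads, protocol=4)              # STACK_GLOBAL form
SAMPLE_IMPORT = pickle.dumps(importlib.import_module, protocol=2)     # GLOBAL form
SAMPLE_FUNCTYPE = b"ctypes\nFunctionType\n."                          # hand-written GLOBAL + STOP
SAMPLE_BENIGN = pickle.dumps({"weights": [0.1, 0.2], "bias": 0.0}, protocol=4)

if __name__ == "__main__":
    for label, sample in [("marshal", SAMPLE_MARSHAL), ("import", SAMPLE_IMPORT),
                          ("functype", SAMPLE_FUNCTYPE), ("benign", SAMPLE_BENIGN)]:
        print(label, scan_pickle_bytes(sample))
```

Any non-empty result is grounds to reject the file outright; an empty result only means none of the listed names appeared, which is exactly the gap this card documents, so a deny-list scanner is a triage aid rather than a substitute for loading with an allowlist.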