Add onnxruntime ACE PoC
- README.md +9 -0
- malicious_t5_state.bin +3 -0
README.md
ADDED
@@ -0,0 +1,9 @@
| 1 |
+
# onnxruntime t5_helper.load_model() ACE PoC
|
| 2 |
+
|
| 3 |
+
`onnxruntime/transformers/models/t5/t5_helper.py` line 91:
|
| 4 |
+
```python
|
| 5 |
+
model.load_state_dict(torch.load(state_dict_path))
|
| 6 |
+
```
|
| 7 |
+
|
| 8 |
+
Bare `torch.load()` without `weights_only` parameter enables ACE
|
| 9 |
+
when loading malicious T5 model state dicts.
|
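Review bot: the README pins the sink to `t5_helper.py` line 91 but not to an onnxruntime version or commit, so the line reference goes stale as soon as the file changes; state the version or commit the PoC was checked against. The ACE claim also depends on the PyTorch release: since PyTorch 2.6 `torch.load()` defaults to `weights_only=True` and rejects arbitrary pickle objects, so the README should say which torch version it assumes. It should also name the mitigation for the project, which is to pass the parameter explicitly: `model.load_state_dict(torch.load(state_dict_path, weights_only=True))`.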
malicious_t5_state.bin
ADDED
@@ -0,0 +1,3 @@
| 1 |
+
version https://git-lfs.github.com/spec/v1
|
| 2 |
+
oid sha256:3908a7b8fa3439d8a985ec1c7337042a7288359a1a364bb004cd2b88444a2551
|
| 3 |
+
size 2166
|
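Review bot: `malicious_t5_state.bin` is committed as a Git LFS pointer, so only the sha256 oid and the 2166-byte size are reviewable in this diff, not the pickle payload itself; the README never mentions this file, so it should reference it by name, describe what the file does when unpickled (a harmless marker a reviewer can confirm, with no other side effects), and tell readers to open it only in an isolated environment or with `weights_only=True`, which should cause the load to fail rather than execute.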