Pickle Scanner Bypass PoC
Vulnerability
A malicious .pkl file achieves arbitrary code execution via pickle.load()
while bypassing both picklescan 1.0.4 and modelscan 0.8.8.
Technique
Uses a marshal.loads + types.FunctionType + importlib.import_module chain.
picklescan rates all three globals as Suspicious (not Dangerous),
and none of them appears in modelscan's unsafe_globals list.
Scanner Results
- picklescan 1.0.4: 0 dangerous globals
- modelscan 0.8.8: No issues found
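The gap above is a deny-list problem: both scanners look for known-bad globals, so a chain built from "merely suspicious" ones passes. As an added example (not code from this repo, picklescan or modelscan), the scanner below walks a pickle with pickletools.genops without executing it, lists every global the stream would resolve, and reports anything outside an assumed allow-list of known model globals. The test streams are constructed by hand and only reference the three globals; they build no call chain.

```python
import pickletools

# Default-deny: a model file should resolve only a small, known set of globals.
# The allow-list below is an assumption for the example (typical PyTorch
# checkpoint globals), not a list taken from either scanner.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def referenced_globals(data: bytes):
    """List every (module, name) the stream would import, without running it.

    GLOBAL carries both names inline; STACK_GLOBAL (protocol 4) takes them from
    the two string constants pushed just before it. Memo indirection (BINGET)
    is not resolved here, which is a conservative gap: a production resolver
    should emulate the stack and memo rather than rely on recent strings.
    """
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in STRING_OPS:
            recent.append(arg)
        elif op.name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise ValueError("STACK_GLOBAL with unresolved operands")
            found.append((recent[-2], recent[-1]))
            recent = []
    return found

def disallowed_globals(data: bytes, allowed=ALLOWED_GLOBALS):
    """Return the globals a file resolves that are not on the allow-list."""
    return [g for g in referenced_globals(data) if g not in allowed]

# Constructed test streams: protocol 4 STACK_GLOBAL references to the three
# globals named above (no arguments, no REDUCE, so nothing is called), one
# protocol 2 GLOBAL reference, and a benign OrderedDict() checkpoint stub.
CHAIN_REFS = (b"\x80\x04"
              b"\x8c\x07marshal\x8c\x05loads\x93"
              b"\x8c\x05types\x8c\x0cFunctionType\x93"
              b"\x8c\x09importlib\x8c\x0dimport_module\x93.")
LEGACY_REF = b"\x80\x02cmarshal\nloads\n."
BENIGN = b"\x80\x02ccollections\nOrderedDict\n)R."

if __name__ == "__main__":
    for label, blob in [("chain", CHAIN_REFS), ("legacy", LEGACY_REF), ("benign", BENIGN)]:
        print(label, "->", disallowed_globals(blob) or "clean")
```

Allow-listing flags the chain even though none of its globals is individually "dangerous", which is the property a deny-list cannot give.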
Reproduction
    import pickle
    with open('malicious_model.pkl', 'rb') as f:
        pickle.load(f)  # ACE
Versions: picklescan 1.0.4, modelscan 0.8.8, Python 3.12