# PyTorch Scanner Bypass PoC
## Vulnerability

A malicious .pt file achieves arbitrary code execution when loaded with torch.load(), while passing both picklescan 1.0.4 and modelscan 0.8.8 without a finding.
## Technique

The payload chains marshal.loads, types.FunctionType and importlib.import_module. picklescan rates all three globals as Suspicious rather than Dangerous, and none of them appears in modelscan's unsafe_globals list, so neither scanner reports the file.
## Scanner Results
- picklescan 1.0.4: 0 dangerous globals
- modelscan 0.8.8: No issues found
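A static check that closes this gap, added here as an example and not code from the PoC repository: it walks the pickle opcodes inside a .pt archive with pickletools (never unpickling) and reports the three globals above as dangerous outright. The archive it scans is constructed for the demo and only references those globals; it carries no payload, and the STACK_GLOBAL handling is a heuristic that ignores memo lookups.

```python
import io
import pickletools
import zipfile

# The three globals the card names as the bypass chain; this added scanner
# flags them outright rather than ranking them merely "Suspicious".
DANGEROUS_GLOBALS = {("marshal", "loads"), ("types", "FunctionType"),
                     ("importlib", "import_module")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> set:
    """Statically collect (module, name) pairs from GLOBAL / STACK_GLOBAL
    opcodes without unpickling. STACK_GLOBAL operands are recovered from the
    two most recent string constants (heuristic; memo lookups are ignored)."""
    found, strings = set(), []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":              # protocol <= 3: arg is "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":      # protocol 4+: module, name on stack
            if len(strings) >= 2:
                found.add((strings[-2], strings[-1]))
    return found

def scan_torch_file(data: bytes) -> dict:
    """torch.save archives are zips with pickles in *.pkl entries; anything
    else is treated as one raw pickle. Returns dangerous hits per pickle."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            blobs = {n: zf.read(n) for n in zf.namelist() if n.endswith(".pkl")}
    else:
        blobs = {"<raw pickle>": data}
    return {n: referenced_globals(b) & DANGEROUS_GLOBALS for n, b in blobs.items()}

def build_sample_pt() -> bytes:
    """Constructed sample (not the card's PoC): a torch.save-shaped zip whose
    data.pkl only references the three globals, pops them, and returns None."""
    pkl = (b"\x80\x02"                       # PROTO 2
           b"cmarshal\nloads\n0"             # GLOBAL marshal loads, POP
           b"ctypes\nFunctionType\n0"        # GLOBAL types FunctionType, POP
           b"cimportlib\nimport_module\n0"   # GLOBAL importlib import_module, POP
           b"N.")                            # NONE, STOP
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
    return buf.getvalue()
```

Run `scan_torch_file(open("model.pt", "rb").read())` on a real checkpoint; a non-empty set for any entry means the file should be quarantined before torch.load() ever sees it.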
## Reproduction

```python
import torch
torch.load('malicious_model.pt', weights_only=False)  # ACE
```

Versions: torch 2.10.0, picklescan 1.0.4, modelscan 0.8.8, Python 3.12