YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
PyTorch Archive (ZIP) Scanner Bypass PoC
Vulnerability
Malicious .mar (PyTorch Archive ZIP) file achieves Arbitrary Code Execution
when unpacked and loaded, while bypassing both picklescan 1.0.4 and modelscan 0.8.8.
Technique
ZIP archive contains archive/data.pkl with marshal+FunctionType+importlib chain. All three globals bypass both scanners.
Scanner Results
- picklescan 1.0.4: 0 dangerous globals
- modelscan 0.8.8: No issues found
Versions: torch 2.10.0, picklescan 1.0.4, modelscan 0.8.8, Python 3.12
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support