Hugging Face's logo

etwithin
/
torchao-unsafe-deser-poc

Model card Files
xet
 Community

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

torchao Unsafe Deserialization ACE PoC

Multiple unsafe deserialization paths in torchao:

  1. torchao/kernel/autotuner.py: pickle.load(f) on autotuner cache files
  2. torchao/prototype/spinquant/_hadamard_matrices.py: pickle.load(source) on data files
  3. torchao/prototype/quantization/autoquant_v2.py: torch.load(subgraph_fname, weights_only=False)

All paths allow arbitrary code execution from malicious files.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support