torchvision extract_archive() TarSlip PoC
This archive demonstrates a path traversal (TarSlip/ZipSlip) vulnerability
in torchvision's extract_archive() function.
torchvision.datasets.utils._extract_tar() calls tar.extractall(to_path)
without any filter or path sanitization. Malicious tar members with ../
in their names escape the extraction directory.
Compare to PyTorch core's torch.hub._safe_extract_zip(), which HAS full
path traversal protection - torchvision lacks this entirely.
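
A caller-side mitigation, as an added example (not torchvision or PyTorch code): validate every member against the destination before extracting anything. The names escaping_members and safe_extract_tar are hypothetical; the stdlib "data" filter is applied only where the running Python provides it.

```python
import os
import tarfile


def escaping_members(tar, dest):
    """Return names of members that would be written (or would link) outside dest."""
    root = os.path.realpath(dest)

    def inside(path):
        # realpath collapses ../ segments and follows symlinks already on disk
        return os.path.commonpath([root, os.path.realpath(path)]) == root

    bad = []
    for m in tar.getmembers():
        # an absolute member name makes join() discard root, so it fails too
        target = os.path.join(root, m.name)
        ok = inside(target)
        if ok and m.issym():
            # symlink targets are relative to the link's own directory
            ok = inside(os.path.join(os.path.dirname(target), m.linkname))
        elif ok and m.islnk():
            # hard link targets are relative to the archive root
            ok = inside(os.path.join(root, m.linkname))
        if not ok:
            bad.append(m.name)
    return bad


def safe_extract_tar(archive, dest):
    """Extract a tar (path or file object) into dest; reject it whole if any member escapes."""
    kwargs = {"fileobj": archive} if hasattr(archive, "read") else {"name": archive}
    with tarfile.open(**kwargs) as tar:
        bad = escaping_members(tar, dest)
        if bad:
            raise ValueError(f"refusing to extract, members escape {dest!r}: {bad}")
        # Assumption: defence in depth on Pythons that ship extraction filters
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)
        return tar.getnames()
```

Rejecting the whole archive, rather than skipping the offending members, means a partially trusted dataset is never left half-extracted on disk.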