How to use fsabiu/keras-modelscan-torchmodulewrapper-coverage-gap with Keras:

```python
# Available backend options are: "jax", "torch", "tensorflow".
import os
os.environ["KERAS_BACKEND"] = "jax"

import keras

# load_model defaults to safe_mode=True; per the report below, Keras 3.14.0
# refuses the TorchModuleWrapper class this file carries under that setting.
model = keras.saving.load_model("hf://fsabiu/keras-modelscan-torchmodulewrapper-coverage-gap")
```
# Huntr Form Copy
## Target
Keras Native (`.keras`)
## Title
ModelScan Keras V3 scanner misses `TorchModuleWrapper` unsafe deserialization surface in `.keras` files
## Hugging Face PoC
https://huggingface.co/fsabiu/keras-modelscan-torchmodulewrapper-coverage-gap
## Description
Use the full local draft:
```text
01-mfv-model-file-vulnerabilities/report-drafts/F-MFV-001-modelscan-torchmodulewrapper-gap.md
```
## Short Impact Statement
ModelScan 0.8.8 returns a clean scan for a Keras V3 `.keras` file containing `TorchModuleWrapper`, while Keras 3.14.0 blocks the same class in `safe_mode=True` because it can deserialize a `torch.nn.Module` through `torch.load()`. The same ModelScan setup correctly flags a benign Lambda positive control, so this is a targeted scanner coverage gap rather than a broken scanner installation.
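The coverage gap above comes down to which `class_name` values a scanner treats as a deserialization risk when it reads the `config.json` inside a Keras V3 archive. The following is an added example of such a check, written here for illustration; it is not ModelScan's code and not part of the PoC repository. It assumes the Keras V3 layout (a `.keras` file is a zip whose `config.json` nests dicts carrying `class_name` keys), and the archive it scans is a constructed in-memory sample, not a file saved by Keras, so it runs offline. `TorchModuleWrapper` is treated as a finding on the same footing as the `Lambda` positive control the report mentions.

```python
"""Added example: flag TorchModuleWrapper (and Lambda) entries in a .keras config.json.

Not ModelScan's code and not part of the PoC repo. Assumes the Keras V3 archive
layout (zip containing config.json with nested "class_name" keys); the sample
archive built below is constructed for the check and is not Keras output.
"""
import io
import json
import zipfile

# Class names whose deserialization a scanner should flag. TorchModuleWrapper is
# the entry the report says ModelScan 0.8.8 misses; Lambda is the positive
# control it already catches.
FLAGGED_CLASS_NAMES = {"TorchModuleWrapper", "Lambda"}


def walk_class_names(node, path="config"):
    """Yield (json_path, class_name) for every dict in the config that has class_name."""
    if isinstance(node, dict):
        if "class_name" in node:
            yield path, node["class_name"]
        for key, value in node.items():
            yield from walk_class_names(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk_class_names(item, f"{path}[{i}]")


def scan_keras_archive(data: bytes):
    """Return sorted (json_path, class_name) findings for a .keras zip given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "config.json" not in zf.namelist():
            raise ValueError("not a Keras V3 archive: config.json missing")
        config = json.loads(zf.read("config.json"))
    return sorted(
        (path, name)
        for path, name in walk_class_names(config)
        if name in FLAGGED_CLASS_NAMES
    )


def build_sample_archive(layer_class_names):
    """Construct a minimal .keras-style zip (config.json + metadata.json) for the check.

    The nesting (class_name / config / layers) mirrors the Keras V3 shape, but this
    is a constructed sample, not a file produced by keras.saving.save_model.
    """
    layers = [
        {"module": "keras.layers", "class_name": name, "config": {"name": f"layer_{i}"}}
        for i, name in enumerate(layer_class_names)
    ]
    config = {
        "module": "keras",
        "class_name": "Sequential",
        "config": {"name": "sequential", "layers": layers},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
        zf.writestr("metadata.json", json.dumps({"keras_version": "constructed-sample"}))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive(["Dense", "TorchModuleWrapper", "Lambda"])
    for path, name in scan_keras_archive(sample):
        print(f"FLAG {name} at {path}")
```

Run against a real archive, `scan_keras_archive(open("model.keras", "rb").read())` reports where in the config each flagged class sits; an empty list for a file that Keras itself refuses under `safe_mode=True` is the kind of disagreement the report describes.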
## Upload Checklist
- [x] Upload all files in this directory to a public Hugging Face repo.
- [x] Confirm Hugging Face SHA256 matches `SHA256SUMS.txt`.
- [ ] Paste repo URL into the Huntr form.
- [ ] Submit as scanner coverage gap / scanner bypass.
- [ ] Do not present as a new Keras runtime RCE.