Update Huntr form notes with public PoC URL
910dd1d verified

Huntr Form Copy

Target

Keras Native (.keras)

Title

ModelScan Keras V3 scanner misses TorchModuleWrapper unsafe deserialization surface in .keras files

Hugging Face PoC

https://huggingface.co/fsabiu/keras-modelscan-torchmodulewrapper-coverage-gap

Description

Use the full local draft:

01-mfv-model-file-vulnerabilities/report-drafts/F-MFV-001-modelscan-torchmodulewrapper-gap.md

Short Impact Statement

ModelScan 0.8.8 returns a clean scan for a Keras V3 .keras file containing a TorchModuleWrapper layer, while Keras 3.14.0 blocks the same class when loading with safe_mode=True, because TorchModuleWrapper deserializes a torch.nn.Module through torch.load(). The same ModelScan setup correctly flags a benign Lambda positive control, so this is a targeted scanner coverage gap rather than a broken scanner installation.
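A minimal static check for the gap described above, added here as an illustration and not part of the report, ModelScan or Keras: it reads the config.json inside a Keras V3 .keras zip and reports every layer whose class_name Keras 3 refuses in safe_mode. The archives below are constructed fixtures with placeholder payload strings, and the set of unsafe class names is an assumption taken from the impact statement.

```python
import io
import json
import zipfile

# Layer classes that Keras 3 safe_mode=True refuses to deserialize. Assumption for
# this example: Lambda plus TorchModuleWrapper, as the impact statement describes.
UNSAFE_CLASS_NAMES = {"Lambda", "TorchModuleWrapper"}


def _walk(node, path="config"):
    """Yield (json_path, class_name) for every dict that carries a class_name key."""
    if isinstance(node, dict):
        if "class_name" in node:
            yield path, node["class_name"]
        for key, child in node.items():
            yield from _walk(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from _walk(child, f"{path}[{i}]")


def find_unsafe_layers(keras_bytes):
    """Return [(json_path, class_name)] for unsafe layers in a Keras V3 .keras archive.

    The .keras format is a zip whose config.json holds the layer graph as nested
    dicts, each layer carrying a class_name; only that file needs to be inspected."""
    with zipfile.ZipFile(io.BytesIO(keras_bytes)) as zf:
        config = json.loads(zf.read("config.json"))
    return [(p, c) for p, c in _walk(config) if c in UNSAFE_CLASS_NAMES]


def build_keras_archive(layer_entries):
    """Build a minimal .keras-style zip around the given layer dicts (constructed fixture, not a trained model)."""
    config = {"module": "keras", "class_name": "Sequential",
              "config": {"name": "sequential", "layers": layer_entries}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("metadata.json", json.dumps({"keras_version": "3.14.0"}))
        zf.writestr("config.json", json.dumps(config))
        zf.writestr("model.weights.h5", b"")  # weights are irrelevant to this check
    return buf.getvalue()


# Constructed fixtures; the payload fields hold placeholder strings, not real serialized objects.
TORCH_WRAPPER_MODEL = build_keras_archive([{"module": "keras.layers", "class_name": "TorchModuleWrapper",
    "config": {"name": "torch_module_wrapper", "module": "PLACEHOLDER-base64-torch-save-blob"}}])
LAMBDA_CONTROL_MODEL = build_keras_archive([{"module": "keras.layers", "class_name": "Lambda",
    "config": {"name": "lambda", "function": "PLACEHOLDER-serialized-function"}}])
DENSE_MODEL = build_keras_archive([{"module": "keras.layers", "class_name": "Dense",
    "config": {"name": "dense", "units": 4}}])
```

Running find_unsafe_layers on the three fixtures flags the TorchModuleWrapper and Lambda archives and returns an empty list for the Dense-only one, which is the behaviour a scanner should show for the positive control and the gap case alike.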

Upload Checklist

  • Upload all files in this directory to a public Hugging Face repo.
  • Confirm Hugging Face SHA256 matches SHA256SUMS.txt.
  • Paste repo URL into the Huntr form.
  • Submit as scanner coverage gap / scanner bypass.
  • Do not present as a new Keras runtime RCE.