---
tags:
  - security
  - huntr
  - modelscan
  - model-file-vulnerability
---
| # F-MFV-008: ModelScan misses bundled Python code execution in PyTorch Package archives | |
| This repository contains a gated proof-of-concept model artifact for a Huntr Model File Vulnerability submission. | |
| Warning: do not load this artifact outside an isolated test environment. The payload is intentionally harmless and writes only local marker files during controlled reproduction, but it demonstrates a model-load execution path. | |
| ## Target | |
| - Finding: `F-MFV-008` | |
| - Target: PyTorch Package / ModelScan | |
| - Scanner: ModelScan `0.8.8` | |
| ## Summary | |
The PyTorch Package artifact carries bundled Python source that executes a harmless marker during `PackageImporter.load_pickle`; ModelScan scans only the pickle payload inside the archive and skips the bundled package source file, so the execution path is not reported.
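The gap described above is that a PyTorch Package archive is a zip containing both pickled objects and the `.py` modules they reference, and a pickle-only scan never inspects the latter. The following is an added example (not code from this submission, ModelScan, or PyTorch) of a complementary audit step: it enumerates every bundled Python source entry so a reviewer can see what `PackageImporter` would import at load time. The `build_constructed_archive` helper fabricates a sample archive in the assumed torch.package layout (`<name>/.data/version`, `<name>/<obj>.pkl`, `<name>/<module>.py`) purely for demonstration; it is not `malicious_package.pt`, and the layout details are assumptions.

```python
"""Added example: list Python source bundled inside a torch.package zip.

Not part of the original submission. Assumes the torch.package archive
layout (a zip with .pkl entries and bundled .py module entries); the
sample archive below is constructed here and is not the PoC artifact.
"""
import io
import zipfile


def bundled_python_sources(archive_bytes: bytes) -> list[str]:
    """Return zip entry names of bundled Python modules.

    Every .py entry is source that PackageImporter can import (and thus
    execute) while unpickling, regardless of what the pickle itself contains.
    """
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return sorted(n for n in zf.namelist() if n.endswith(".py"))


def pickle_entries(archive_bytes: bytes) -> list[str]:
    """Return zip entry names of pickled objects (what a pickle-only scan sees)."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return sorted(n for n in zf.namelist() if n.endswith(".pkl"))


def audit(archive_bytes: bytes) -> dict:
    """Summarise the archive: pickles, bundled sources, and a review verdict.

    Verdict is "REVIEW" whenever bundled source is present, because the
    source must be read before the archive can be considered safe to load.
    """
    sources = bundled_python_sources(archive_bytes)
    return {
        "pickles": pickle_entries(archive_bytes),
        "bundled_sources": sources,
        "verdict": "REVIEW" if sources else "OK",
    }


def build_constructed_archive(with_source: bool) -> bytes:
    """Constructed sample archive in the assumed torch.package layout.

    The pickle is the protocol-4 encoding of None, so it carries no code;
    the optional .py entry is an inert comment. Nothing here is the PoC.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/.data/version", "1\n")  # assumed metadata entry
        zf.writestr("model/.data/extern_modules", "torch\n")  # assumed
        zf.writestr("model/model.pkl", b"\x80\x04N.")  # pickle of None
        if with_source:
            zf.writestr("model/mypkg/__init__.py", "# bundled module source\n")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(audit(build_constructed_archive(flag)))
```

Run against a real archive with `audit(open(path, "rb").read())`; a non-empty `bundled_sources` list is the signal that a pickle-only scanner's clean verdict does not cover the whole load path.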
| ## Files | |
- `malicious_package.pt`
  - SHA256: `14d118fd4a7af62fba2e6927b4504bd51ecac244e44c2fccb80f396d9c3532bf`
| ## Access | |
| This public repository is gated with manual access review for Huntr MFV triage. `protectai-bot` has been granted access. | |