metadata
license: apache-2.0
tags:
- security-research
- messagepack
- msgspec
- model-file-vulnerability
- huntr-mfv
MessagePack msgspec Decoder trigger PoC
This repository contains a benign security research proof of concept for a MessagePack model-file vulnerability report.
Files:
control.msgpackdecoder_trigger.msgpackreproduce.py
The malicious MessagePack file is loaded with
msgspec.msgpack.Decoder(type=ModelState).decode(...). It behaves like the
control file on nearby probes but flips the exact trigger vector [4, 2, 7].