hacnho's picture
Upload README.md with huggingface_hub
89ab622 verified
|
Raw
History Blame Contribute Delete
556 Bytes
metadata
license: apache-2.0
tags:
  - security-research
  - messagepack
  - msgspec
  - model-file-vulnerability
  - huntr-mfv

MessagePack msgspec Decoder trigger PoC

This repository contains a benign security research proof of concept for a MessagePack model-file vulnerability report.

Files:

  • control.msgpack
  • decoder_trigger.msgpack
  • reproduce.py

The malicious MessagePack file is loaded with msgspec.msgpack.Decoder(type=ModelState).decode(...). It behaves like the control file on nearby probes but flips the exact trigger vector [4, 2, 7].