hacnho's picture
Upload README.md with huggingface_hub
89ab622 verified
|
Raw
History Blame Contribute Delete
556 Bytes
---
license: apache-2.0
tags:
- security-research
- messagepack
- msgspec
- model-file-vulnerability
- huntr-mfv
---
# MessagePack msgspec Decoder trigger PoC
This repository contains a benign security research proof of concept for a
MessagePack model-file vulnerability report.
Files:
- `control.msgpack`
- `decoder_trigger.msgpack`
- `reproduce.py`
The malicious MessagePack file is loaded with
`msgspec.msgpack.Decoder(type=ModelState).decode(...)`. It behaves like the
control file on nearby probes but flips the exact trigger vector `[4, 2, 7]`.