hacnho's picture
Upload README.md with huggingface_hub
074c9de verified
|
Raw
History Blame Contribute Delete
549 Bytes
---
license: apache-2.0
tags:
- security-research
- messagepack
- msgspec
- model-file-vulnerability
- huntr-mfv
---
# MessagePack msgspec Decoder untyped trigger PoC
This repository contains a benign security research proof of concept for a
MessagePack model-file vulnerability report.
Files:
- `control.msgpack`
- `decoder_trigger.msgpack`
- `reproduce.py`
The malicious MessagePack file is loaded with
`msgspec.msgpack.Decoder().decode(...)`. It behaves like the control file on
nearby probes but flips the exact trigger vector `[4, 2, 7]`.