YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
ModelScan Compression Blind-Spot — Compressed .joblib bypasses pickle scanner → ACE
Vulnerability type: Scanner bypass + Arbitrary Code Execution
Affected library: protectai/model-scan ≤ 0.8.8
File format:.joblibwithcompress='gzip'|'zlib'|'bz2'|'lzma'
Severity: Critical
Quick Start
pip install joblib modelscan numpy
python3 reproduce.py
Result
[gzip] issues=0 → ✓ BYPASS + RCE
[zlib] issues=0 → ✓ BYPASS + RCE
[bz2] issues=0 → ✓ BYPASS + RCE
[lzma] issues=0 → ✓ BYPASS + RCE
[ref] issues=1 → ✓ correctly flagged (uncompressed baseline)
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support