
ModelScan Compression Blind-Spot — Compressed .joblib bypasses pickle scanner → ACE

Vulnerability type: Scanner bypass + Arbitrary Code Execution
Affected library: protectai/model-scan ≤ 0.8.8
File format: .joblib with compress='gzip'|'zlib'|'bz2'|'lzma'
Severity: Critical


Quick Start

pip install joblib modelscan numpy
python3 reproduce.py

Result

[gzip] issues=0  → ✓ BYPASS + RCE
[zlib] issues=0  → ✓ BYPASS + RCE
[bz2]  issues=0  → ✓ BYPASS + RCE
[lzma] issues=0  → ✓ BYPASS + RCE
[ref]  issues=1  → ✓ correctly flagged (uncompressed baseline)