You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

Joblib legacy compatibility hardening-bypass PoC

This repository contains a proof-of-concept artifact for a Joblib finding titled:

Security hardening bypass in legacy NDArrayWrapper compatibility loader defeats caller find_class restrictions

Files:

  • old.pkl: legacy Joblib compatibility wrapper
  • payload.npy: companion NumPy object array containing the payload
  • reproduce.py: deterministic repro script

The payload is intentionally harmless and only attempts to create /tmp/joblib_hf_poc_triggered when loaded through the vulnerable path.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support