import org.deeplearning4j.util.ModelSerializer; import java.io.File; public class LoadPoc { public static void main(String[] a) throws Exception { // The "victim" action: load a model file with the standard DL4J API. System.out.println("[*] loading malicious-model.zip via ModelSerializer.restoreMultiLayerNetwork ..."); try { ModelSerializer.restoreMultiLayerNetwork(new File("malicious-model.zip")); } catch (Throwable t) { System.out.println("[*] (cast/parse error after deserialization is expected): " + t.getClass().getSimpleName()); } System.out.println("[*] check for /tmp/DL4J_RCE_CANARY -> if present, code ran during model load."); } }