Security Research PoC - DO NOT USE

This model demonstrates a CVE in the sentence-transformers import_from_string() code path. Loading this model will crash your process (SIGABRT via os.abort).

This is a security research artifact. Do not load this model.

Vulnerability

sentence-transformers uses import_from_string() to load arbitrary Python modules from model config files (modules.json, config.json) without any trust_remote_code check or module allowlist.

An attacker can set activation_function in Dense config to any Python callable (e.g., os.abort, sys.exit, os.system), which gets imported and called with zero arguments during model loading.

Affected Files

  • sentence_transformers/util.py - import_from_string()
  • sentence_transformers/models/Dense.py:74 - activation_function import+call
  • sentence_transformers/SentenceTransformer.py:1203 - modules.json type field
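A defender-side check that can be run over a model directory before anything is loaded: it walks modules.json and each module's config.json and flags any dotted import path (the modules.json type field, or a Dense activation_function) that falls outside an allowlist. This is an added example, not code from this model card or from the sentence-transformers project; the modules.json / per-module config.json layout, the allowlist prefixes and the helper that builds constructed sample model directories are assumptions made for the demonstration.

```python
import json
import os
import tempfile

# Allowlisted dotted-path prefixes (assumption: a deployment only expects the
# built-in sentence-transformers module classes and torch activation classes).
ALLOWED_MODULE_TYPE_PREFIXES = ("sentence_transformers.models.",)
ALLOWED_ACTIVATION_PREFIXES = ("torch.nn.",)


def _is_allowed(dotted_path, prefixes):
    # Non-string values are flagged as well: they will not import cleanly anyway.
    return isinstance(dotted_path, str) and dotted_path.startswith(prefixes)


def scan_model_dir(model_dir):
    """Return a list of (relative_file, key, value) findings for import paths in
    modules.json / per-module config.json that are outside the allowlists.
    An empty list means nothing suspicious was found. Nothing is imported."""
    findings = []
    with open(os.path.join(model_dir, "modules.json")) as f:
        modules = json.load(f)

    for entry in modules:
        # The "type" field names the class to import for this pipeline stage.
        mod_type = entry.get("type")
        if not _is_allowed(mod_type, ALLOWED_MODULE_TYPE_PREFIXES):
            findings.append(("modules.json", "type", mod_type))

        # Each module keeps its own config.json under entry["path"]
        # (assumed layout; the root Transformer module uses path "").
        cfg_path = os.path.join(model_dir, entry.get("path", ""), "config.json")
        if not os.path.isfile(cfg_path):
            continue
        with open(cfg_path) as f:
            cfg = json.load(f)
        act = cfg.get("activation_function")
        if act is not None and not _is_allowed(act, ALLOWED_ACTIVATION_PREFIXES):
            findings.append((os.path.relpath(cfg_path, model_dir),
                             "activation_function", act))
    return findings


def build_sample_model(kind):
    """Write a constructed sample model directory and return its path.
    kind == "benign" uses a torch activation; kind == "malicious" uses the
    os.abort value described on this card. Sample data, not a real model."""
    model_dir = tempfile.mkdtemp(prefix="st_scan_")
    modules = [
        {"idx": 0, "name": "0", "path": "",
         "type": "sentence_transformers.models.Transformer"},
        {"idx": 1, "name": "1", "path": "1_Pooling",
         "type": "sentence_transformers.models.Pooling"},
        {"idx": 2, "name": "2", "path": "2_Dense",
         "type": "sentence_transformers.models.Dense"},
    ]
    with open(os.path.join(model_dir, "modules.json"), "w") as f:
        json.dump(modules, f)

    activation = ("torch.nn.modules.activation.Tanh" if kind == "benign"
                  else "os.abort")
    dense_dir = os.path.join(model_dir, "2_Dense")
    os.makedirs(dense_dir)
    with open(os.path.join(dense_dir, "config.json"), "w") as f:
        json.dump({"in_features": 768, "out_features": 256, "bias": True,
                   "activation_function": activation}, f)
    return model_dir


if __name__ == "__main__":
    for kind in ("benign", "malicious"):
        print(kind, scan_model_dir(build_sample_model(kind)))
```

The scan only reads JSON and never imports anything, so it is safe to run on an untrusted checkout; a non-empty result should block the load. It is a pre-load gate, not a replacement for an upstream allowlist inside import_from_string() itself.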