| library_name: pytorch | |
| tags: | |
| - security-research | |
| - modelscan-bypass | |
| license: mit | |
| # ModelScan Bypass PoC — cgi.test | |
| Security research for responsible disclosure via Huntr MFV program. | |
| ## Vulnerability | |
| `cgi.test` not in modelscan blocklist. Reports "No issues found" but triggers calls exec() on CGI environment processing code.. | |
| ## Impact: MEDIUM | |
| ## Reproduction | |
| ```bash | |
| pip install modelscan && modelscan scan -p bypass_poc.pkl | |
| # "No issues found!" | |
| ``` | |