license: mit
tags:
  - security-research
  - modelscan-bypass

ModelScan Bypass: code.InteractiveConsole RCE

Security research PoC — demonstrates modelscan scanner bypass via code.InteractiveConsole + operator.methodcaller.

DO NOT LOAD THESE FILES

The pickle files in this repository contain code execution payloads for security research purposes only.

Details

  • The code module is not in the modelscan blocklist
  • operator.methodcaller is not blocked (only attrgetter is)
  • Chain: methodcaller('push', payload)(InteractiveConsole()) → full RCE
  • Tested on modelscan 0.7.6 and 0.8.8 — both report 0 issues
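
A defender-side check for the gap described above, as an added example (not code from this repository or from modelscan): it lists every global a pickle would import by walking the opcode stream with pickletools, never unpickling, and fails closed on anything outside an allowlist instead of relying on a blocklist. The allowlist contents, function names and sample bytes are assumptions constructed for this example.

```python
import code
import operator
import pickle
import pickletools

# Assumption for this example: the only globals a benign checkpoint may import.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def imported_globals(data):
    """List the (module, name) pairs a pickle would import, without loading it."""
    found, recent = [], []  # recent: pushed values, None if not a literal string
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in MEMO_OPS:
            continue  # memo writes do not change the stack
        if opcode.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            pair = tuple(recent[-2:])
            # Fail closed when module/name are not two literal strings
            # (for example, when they are fetched from the memo).
            found.append(pair if len(pair) == 2 and None not in pair else UNRESOLVED)
        recent.append(arg if opcode.name in STRING_OPS else None)
    return found


def violations(data):
    """Globals outside the allowlist; an empty list means the file passes."""
    return [g for g in imported_globals(data) if g not in ALLOWED_GLOBALS]


# Constructed samples. REFERENCES only names the two classes from the chain
# above; it contains no call, and nothing here ever unpickles it.
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
REFERENCES = pickle.dumps((code.InteractiveConsole, operator.methodcaller), protocol=4)
PROTO0_REFERENCE = b"ccode\nInteractiveConsole\n."  # hand-written GLOBAL opcode

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("references", REFERENCES)]:
        print(label, violations(blob))
```

Because the check reports every import that is not explicitly allowed, a module missing from a blocklist, such as code here, is still reported.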