Modelscan Bypass PoC: compileall.compile_dir filesystem enumeration
Security research only.
Summary
The pickle payload calls compileall.compile_dir(), which recursively lists and byte-compiles every Python file under a directory. compileall is not in modelscan's unsafe_globals blocklist, so the scan reports no issues. Impact: information disclosure, since the call enumerates the filesystem structure.
Reproduction
pip install modelscan
modelscan scan -p pytorch_model.bin # No issues found
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))" # Executes
Affected: modelscan 0.7.6 (latest)
Disclosure: Submitted via Huntr.
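The bypass is a blocklist miss: a global that the scanner's unsafe_globals list does not name passes through unflagged. The example below is added for this page and is not modelscan's code; it shows the defender's counterpart: a static pass that lists every global a pickle would import (GLOBAL and STACK_GLOBAL, memo-aware) without loading it, an allowlist in place of a blocklist, and a restricted Unpickler that enforces that allowlist at load time. The allowlist contents and the sample pickles are constructed for the demo; the samples only reference compileall.compile_dir as a global (pickling the function object) and contain no call.

```python
import io
import pickle
import pickletools
import compileall
from collections import OrderedDict

# Globals a loader for this format legitimately needs. Constructed, minimal allowlist
# for the demo; a real loader would list the rebuild helpers it actually uses.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Opcodes that push a str onto the unpickler stack (the operands STACK_GLOBAL consumes).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> set:
    """Statically list every (module, name) the pickle would import, without loading it.

    GLOBAL carries both names in its operand. STACK_GLOBAL (protocol 4) takes them from
    the two strings most recently pushed, which may arrive through the memo (BINGET), so
    the memo is tracked as well. This pass is advisory: a handcrafted stream can shuffle
    the stack so the pairing heuristic is fooled, which is why enforcement is done at
    load time by AllowlistUnpickler below.
    """
    found = set()
    memo = {}
    strings = []   # str values pushed so far, in push order
    last = None    # most recently pushed value, for memo stores
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            found.add((module, attr))
            last = None
        elif name in STRING_OPS:
            strings.append(arg)
            last = arg
        elif name == "MEMOIZE":
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif name == "STACK_GLOBAL":
            if len(strings) >= 2:
                found.add((strings[-2], strings[-1]))
            last = None
        else:
            last = None
    return found


def disallowed_globals(data: bytes, allowed=frozenset(ALLOWED_GLOBALS)) -> list:
    """Globals the pickle references that are not on the allowlist, sorted for reporting."""
    return sorted(referenced_globals(data) - set(allowed))


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global outside ALLOWED_GLOBALS (the enforcing control)."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing global {module}.{name}: not on allowlist")
        return super().find_class(module, name)


def try_safe_load(data: bytes):
    """Return (True, obj) if the pickle loads under the allowlist, else (False, reason)."""
    try:
        return True, AllowlistUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed samples. SAMPLE_REF_* only *reference* compileall.compile_dir (pickling the
# function object emits GLOBAL/STACK_GLOBAL with no REDUCE), so loading them would merely
# return the function; they show that a blocklist miss is still a visible global.
SAMPLE_PLAIN = pickle.dumps({"w": [1, 2, 3]}, protocol=4)
SAMPLE_ORDERED = pickle.dumps(OrderedDict(bias=0.5), protocol=4)
SAMPLE_REF_P2 = pickle.dumps(compileall.compile_dir, protocol=2)   # GLOBAL opcode
SAMPLE_REF_P4 = pickle.dumps(compileall.compile_dir, protocol=4)   # STACK_GLOBAL opcode

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("ordered", SAMPLE_ORDERED),
                        ("ref-p2", SAMPLE_REF_P2), ("ref-p4", SAMPLE_REF_P4)]:
        print(label, "globals:", sorted(referenced_globals(blob)),
              "flagged:", disallowed_globals(blob), "loads:", try_safe_load(blob)[0])
```

The static listing is useful for triage and reporting, but because a handcrafted stream can reorder the stack to confuse the STACK_GLOBAL pairing, the decision that matters is the one in find_class: anything not on the allowlist is refused before any import happens, regardless of which module the attacker picked.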