README.md

---
library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit
---
# ModelScan Bypass PoC — distutils.core.run_setup
Security research for responsible disclosure via Huntr MFV program.
## Vulnerability
`distutils.core.run_setup` not in modelscan blocklist. Reports "No issues found" but triggers FULL RCE via exec() on arbitrary setup.py file. VERIFIED: writes files, executes commands..
## Impact: CRITICAL
## Reproduction
```bash
pip install modelscan && modelscan scan -p bypass_poc.pkl
# "No issues found!"
```