README.md

---
license: mit
tags:
- security-research
- modelscan-bypass
---

# modelscan-bypass-http-client-ssrf

## Impact
HIGH - SSRF via HTTPS connection

## Technique  
http.client.HTTPSConnection() - http.client not in blocklist (only httplib is)

## Verification
```bash
# Scan with modelscan - should show "No issues found"
modelscan scan -p model.pkl

# Execute to verify malicious behavior
python3 -c "import pickle; pickle.loads(open('model.pkl','rb').read())"
```

## Details
Modelscan bypass via http.client - SSRF
Tested against modelscan v0.7.6 (latest PyPI release).