Modelscan Bypass PoC: http.server.HTTPServer port binding backdoor

Security research only.

Summary

Creates an HTTP server bound to 0.0.0.0:8888 during pickle.load(). http.server is not in modelscan's unsafe_globals blocklist, so the scan reports no issues. An attacker can serve content or create a reverse shell listener.

Reproduction

pip install modelscan
modelscan scan -p pytorch_model.bin  # No issues found
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"  # Executes
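Added example, not part of this report and not modelscan's code: a defender-side check that walks the pickle opcode stream with pickletools (nothing is executed) and lists every module.name the stream would import on load, then compares it against an allowlist of module roots a PyTorch checkpoint legitimately needs instead of a blocklist. The allowlist and the small blocklist used for contrast are constructed here for illustration and are not modelscan's actual unsafe_globals list. The "suspicious" sample is only a class reference (no REDUCE opcode), so loading it would import http.server and do nothing else.

```python
import io
import pickle
import pickletools
from collections import OrderedDict, deque
import http.server

# Constructed for this example: module roots a PyTorch checkpoint legitimately
# needs. Anything outside this set is flagged. This is NOT modelscan's list.
ALLOWED_MODULE_ROOTS = {"torch", "collections", "numpy", "builtins"}

# Constructed for contrast only: a small blocklist of the kind the report
# describes bypassing. Deliberately does not name http.server.
CONTRAST_BLOCKLIST = {"os", "subprocess", "socket", "sys"}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes):
    """Return (module, name) for every global the stream would import on
    load, derived from the opcode stream via pickletools, so nothing runs.
    Covers GLOBAL (protocol <= 3, inline operand) and STACK_GLOBAL
    (protocol >= 4, whose operands are the two strings most recently
    pushed, either as literals or fetched back out of the memo)."""
    refs = []
    strings = []   # string values pushed so far, in order
    memo = {}      # memo slot -> value, so GET/BINGET of a string is seen
    last = None    # value pushed by the previous opcode, for MEMOIZE/PUT
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        op = opcode.name
        if op in STRING_OPS:
            last = arg
            strings.append(arg)
        elif op == "MEMOIZE":
            memo[len(memo)] = last          # MEMOIZE uses the next free slot
        elif op in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif op == "GLOBAL":
            module, name = arg.split(" ", 1)  # pickletools joins with a space
            refs.append((module, name))
            last = None
        elif op == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two string operands")
            refs.append((strings[-2], strings[-1]))
            last = None
        else:
            last = None
    return refs


def allowlist_findings(data: bytes, allowed=ALLOWED_MODULE_ROOTS):
    """Dotted names of every referenced global whose top-level module is
    not on the allowlist. Unknown modules are flagged by default."""
    return sorted({f"{m}.{n}" for m, n in referenced_globals(data)
                   if m.split(".")[0] not in allowed})


def blocklist_findings(data: bytes, blocked=CONTRAST_BLOCKLIST):
    """Same scan against a blocklist: only names whose module root is
    explicitly listed are flagged, so any unlisted module slips through."""
    return sorted({f"{m}.{n}" for m, n in referenced_globals(data)
                   if m.split(".")[0] in blocked})


# Constructed samples (not real checkpoints). SUSPICIOUS is a bare class
# reference with no REDUCE opcode, so loading it starts nothing.
BENIGN = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]), protocol=4)
BENIGN_P2 = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]), protocol=2)
MIXED = pickle.dumps((OrderedDict(), deque()), protocol=4)  # exercises memo reuse
SUSPICIOUS = pickle.dumps(http.server.HTTPServer, protocol=4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("suspicious", SUSPICIOUS)]:
        print(label, "globals:", referenced_globals(blob))
        print("  allowlist flags:", allowlist_findings(blob))
        print("  blocklist flags:", blocklist_findings(blob))
```

The contrast is the point of the report: the blocklist pass returns nothing for the http.server reference because that module is simply not on the list, while the allowlist pass flags it because it is not one of the modules a weights file needs. For production use, the allowlist should be built from the globals that real checkpoints of the formats you accept actually reference.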

Affected: modelscan 0.7.6 (latest)

Disclosure: Submitted via Huntr.
