Uploaded by manja316 (commit f0a656a, verified): "Upload folder using huggingface_hub"
---
library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit
---

ModelScan Bypass PoC — imp.load_source

Security research for responsible disclosure via Huntr MFV program.

Vulnerability

imp.load_source is not in modelscan's unsafe_globals blocklist, so modelscan reports "No issues found" for a pickle that references it, yet loading that pickle gives full RCE: imp.load_source reads an arbitrary .py file from disk and executes it via exec(). The imp module is deprecated but still present in Python 3.8-3.11.

Impact: CRITICAL

Reproduction

```bash
pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"
```
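The root cause above is a blocklist gap, so a defender's check should enumerate every global a pickle references and allowlist the expected modules instead. The following is an added example written for this card, not modelscan's code: it disassembles a pickle with pickletools (nothing is unpickled or executed) and reports any global whose top-level module is outside a constructed allowlist; the sample inputs, allowlist and function names are this example's own assumptions.

```python
import pickle
import pickletools
from collections import OrderedDict
from typing import Iterator, List, Tuple

# Top-level modules a PyTorch checkpoint is expected to reference. Because this is
# an allowlist, a global missing from a blocklist (such as imp.load_source) is still
# reported. The set is constructed for this example, not modelscan's configuration.
ALLOWED_TOP_LEVEL_MODULES = {"torch", "collections", "numpy"}

STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING",
                  "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def iter_globals(data: bytes) -> Iterator[Tuple[str, str]]:
    """Yield (module, name) for each GLOBAL / STACK_GLOBAL reference in a pickle.

    pickletools.genops only disassembles the stream: unlike pickle.loads, it
    imports nothing and calls nothing.
    """
    recent: List[str] = []  # string pushes seen so far; STACK_GLOBAL consumes the last two
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":            # protocols 0-3: "module name" in one argument
            module, name = arg.split(" ", 1)
            yield module, name
        elif opcode.name in STRING_OPCODES:
            recent.append(arg)
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed as strings
            if len(recent) >= 2:               # simplification: ignores memo GET indirection
                yield recent[-2], recent[-1]


def scan_pickle(data: bytes) -> List[str]:
    """Return 'module.name' for every global whose top-level module is not allowlisted."""
    return [f"{module}.{name}" for module, name in iter_globals(data)
            if module.split(".")[0] not in ALLOWED_TOP_LEVEL_MODULES]


# Constructed inputs. The first is a hand-written protocol-2 stream that merely
# names imp.load_source (GLOBAL opcode, memo put, STOP); it has no REDUCE opcode,
# so even pickle.loads would call nothing. The second is an ordinary benign object.
SUSPICIOUS_PICKLE = b"\x80\x02cimp\nload_source\nq\x00."
BENIGN_PICKLE = pickle.dumps(OrderedDict([("weight", [0.1, 0.2])]), protocol=4)

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_PICKLE), ("benign", BENIGN_PICKLE)):
        print(label, scan_pickle(blob) or "no findings")
```

Running it reports imp.load_source for the first stream and nothing for the second; a production scanner would additionally resolve memo GET opcodes before STACK_GLOBAL rather than relying on the last two string pushes.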