Hugging Face's logo

manja316
/
modelscan-bypass-importlib-shutil

PyTorch
security-research
modelscan-bypass
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

modelscan-bypass-importlib-shutil

Security Research β€” Modelscan Bypass PoC

Severity: HIGH

Module: importlib + operator.methodcaller β†’ shutil

Description: File operations via importlib.import_module("shutil") + methodcaller

Impact: Bypasses shutil.* blocklist. Can copy/move/delete files. shutil.rmtree for recursive deletion.

Modelscan Result 

$ modelscan scan -p pytorch_model.bin
No issues found! βœ… (FALSE NEGATIVE)

Tested against: modelscan 0.8.8 (latest)

How It Works

The pickle file uses importlib + operator.methodcaller β†’ shutil which is NOT in modelscan's unsafe_globals blocklist. When loaded via torch.load() or pickle.loads(), it executes the payload.

Responsible Disclosure

This PoC is part of responsible security research submitted via Huntr MFV program to help ProtectAI improve modelscan's detection capabilities.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support