---
license: mit
tags:
- security-research
- modelscan-bypass
---
modelscan-bypass-importlib-socket
Security Research — Modelscan Bypass PoC
Severity: HIGH
Module: importlib + operator.methodcaller → socket
Description: Network info leak via importlib.import_module("socket") + methodcaller
Impact: Bypasses socket.* blocklist. Can create sockets, connect to external hosts, exfiltrate data.
Modelscan Result
$ modelscan scan -p pytorch_model.bin
No issues found! ✅ (FALSE NEGATIVE)
Tested against: modelscan 0.8.8 (latest)
How It Works
The pickle file reaches socket through importlib + operator.methodcaller, and neither of those helpers is in modelscan's unsafe_globals blocklist, so the scan never sees a direct socket.* reference.
When the file is loaded via torch.load() or pickle.loads(), the payload executes.
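As an added defensive check (not part of this PoC and not modelscan's own code), the scanner below disassembles a pickle with pytickletools-style opcode walking via pickletools.genops, so nothing is executed, and flags the indirection helpers this bypass relies on as well as any direct socket reference. The sample pickles are constructed by hand and merely reference the functions; the set of flagged globals is an assumption for illustration.

```python
import pickle
import pickletools
import zipfile

# Helpers that can resolve an arbitrary module or attribute at load time
# without a direct GLOBAL reference to it (assumed list for this example).
INDIRECT_GLOBALS = {
    ("importlib", "import_module"),
    ("builtins", "__import__"),
    ("operator", "methodcaller"),
    ("operator", "attrgetter"),
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "UNICODE", "STRING",
              "SHORT_BINSTRING", "BINSTRING"}


def referenced_globals(data: bytes):
    """Yield (module, name) pairs referenced by GLOBAL / STACK_GLOBAL opcodes.

    pickletools.genops only disassembles the stream; it never executes it.
    STACK_GLOBAL takes module and name from the two string constants pushed
    before it; strings fetched back from the memo (BINGET) are not resolved
    by this simplified tracker.
    """
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # pickletools joins them with a space
            yield module, name
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            yield recent_strings[-2], recent_strings[-1]
        elif op.name in STRING_OPS:
            recent_strings.append(arg)


def scan_pickle(data: bytes):
    """Return sorted flagged (module, name) references found in a pickle."""
    return sorted({g for g in referenced_globals(data)
                   if g in INDIRECT_GLOBALS or g[0] == "socket"})


def scan_checkpoint(path: str):
    """Scan a raw pickle, or every *.pkl inside a zip-based torch checkpoint."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            return sorted({g for n in zf.namelist() if n.endswith(".pkl")
                           for g in scan_pickle(zf.read(n))})
    with open(path, "rb") as f:
        return scan_pickle(f.read())


# Constructed samples: protocol-0 GLOBAL, protocol-4 STACK_GLOBAL, and a benign dict.
SAMPLE_IMPORTLIB = b"cimportlib\nimport_module\n."
SAMPLE_METHODCALLER = b"\x80\x04\x8c\x08operator\x94\x8c\x0cmethodcaller\x94\x93."
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
```

Running scan_checkpoint over a checkpoint returns an empty list for the benign sample and the offending (module, name) pairs otherwise, which is the signal a pre-load gate can act on.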
Responsible Disclosure
This PoC is part of responsible security research submitted via Huntr MFV program to help ProtectAI improve modelscan's detection capabilities.