You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

ModelScan Bypass PoC β€” _io.open Chain

Security research: pickle file that bypasses ProtectAI modelscan scanner while achieving arbitrary file read via _io.open + operator.methodcaller.

For responsible disclosure via Huntr MFV program only.

Chain

  1. _io.open('/etc/passwd', 'r') β†’ opens arbitrary file (builtins.open is blocked but _io.open is not)
  2. operator.methodcaller('read') β†’ reads file contents (only attrgetter is blocked)
  3. Chains together: methodcaller(file_handle) β†’ returns file contents

Modelscan Result

No issues found! πŸŽ‰

Impact

Arbitrary file read bypassing modelscan's pickle safety scanner. Can exfiltrate SSH keys, credentials, cloud tokens.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support