metadata
license: mit
tags:
- modelscan-bypass
- security-research
ModelscanBypass logging.config.dictConfig
Security research: modelscan v0.7.6/v0.8.8 does not block logging.config.
Vulnerability
logging.config.dictConfig(config) can create arbitrary files via a FileHandler entry in the configuration it is given. The logging.config module is NOT in modelscan's unsafe_globals blocklist, so a serialized model that references it is not flagged.
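A defender-side check for the gap described above, as an added example that is not part of the original page and is not modelscan's code: it lists every global a pickle stream imports, without loading it, and flags anything from logging.config. The names EXTRA_UNSAFE_GLOBALS, iter_globals and find_unsafe are hypothetical, and the sample pickles are constructed so that they only reference the function and never call it.

```python
import logging.config
import pickle
import pickletools

# Hypothetical local denylist (not modelscan's settings): module -> "*" or a set of names.
EXTRA_UNSAFE_GLOBALS = {"logging.config": "*"}
UNRESOLVED = "<unresolved>"


def iter_globals(data: bytes):
    """Yield (module, name) for each GLOBAL / STACK_GLOBAL opcode, without unpickling."""
    strings = []  # string operands seen so far, used to resolve STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # pickletools returns the operand as "module name"
            module, name = arg.split(" ", 1)
            yield module, name
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: the operands are the two most recently pushed strings.
            if len(strings) >= 2:
                yield strings[-2], strings[-1]
            else:
                yield UNRESOLVED, UNRESOLVED
        elif isinstance(arg, str):
            strings.append(arg)


def find_unsafe(data: bytes, denylist=EXTRA_UNSAFE_GLOBALS):
    """Return the denylisted (module, name) imports; unresolved imports fail closed."""
    findings = []
    for module, name in iter_globals(data):
        names = denylist.get(module)
        if module == UNRESOLVED or names == "*" or (names and name in names):
            findings.append((module, name))
    return findings


# Constructed samples: the first two reference the function only (no REDUCE opcode).
SAMPLE_P2 = pickle.dumps(logging.config.dictConfig, protocol=2)  # GLOBAL opcode
SAMPLE_P4 = pickle.dumps(logging.config.dictConfig, protocol=4)  # STACK_GLOBAL opcode
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("p2", SAMPLE_P2), ("p4", SAMPLE_P4), ("benign", BENIGN)):
        print(label, find_unsafe(blob))
```

Treat a hit as a reason to reject the file or load it only through an allowlisting `pickle.Unpickler.find_class` override; the STACK_GLOBAL resolution here is a heuristic and does not follow memo lookups.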
modelscan Result
No issues found.