README.md

---
license: mit
tags:
  - modelscan-bypass
  - security-research
---

# ModelscanBypass logging.config.dictConfig

Security research: modelscan v0.7.6/v0.8.8 does not block `logging.config`.

## Vulnerability

`logging.config.dictConfig(config)` can create arbitrary files via FileHandler configuration. The `logging.config` module is NOT in modelscan's `unsafe_globals` blocklist.

## modelscan Result

```
No issues found.
```

## For Authorized Security Research Only