Upload README.md with huggingface_hub
Browse files
README.md
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
---
|
| 2 |
+
tags:
|
| 3 |
+
- security-research
|
| 4 |
+
- modelscan-bypass
|
| 5 |
+
---
|
| 6 |
+
|
| 7 |
+
# modelscan-bypass-pipes-template
|
| 8 |
+
|
| 9 |
+
Security research: demonstrates modelscan bypass via pipes.Template shell command execution.
|
| 10 |
+
|
| 11 |
+
## Vulnerability
|
| 12 |
+
|
| 13 |
+
pipes.Template is not in modelscan's unsafe_globals blocklist.
|
| 14 |
+
Combined with operator.methodcaller (also unblocked), this achieves
|
| 15 |
+
arbitrary shell command execution that passes modelscan with "No issues found".
|
| 16 |
+
|
| 17 |
+
## Chain
|
| 18 |
+
|
| 19 |
+
1. pipes.Template() → template object
|
| 20 |
+
2. template.append(CMD, "--") → mutates template with shell command
|
| 21 |
+
3. template.open("/dev/null", "r") → EXECUTES the command pipeline
|
| 22 |
+
|
| 23 |
+
## Affected
|
| 24 |
+
|
| 25 |
+
- modelscan 0.7.6 (latest PyPI)
|
| 26 |
+
- modelscan GitHub main
|
| 27 |
+
|
| 28 |
+
## Remediation
|
| 29 |
+
|
| 30 |
+
Add "pipes": "*" to unsafe_globals in settings.py.
|