tags:
- security-research
- modelscan-bypass

# modelscan-bypass-pkgutil

Security research PoC: `pkgutil.find_loader` + `operator.methodcaller` bypass

**This is a security research artifact for responsible disclosure to ProtectAI/modelscan.**

modelscan v0.7.6 reports "No issues found" for this file, but loading it with `pickle.load()` executes arbitrary code.
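
A defensive check for the gap described above, as an added example that is not part of the original repository: it lists every global a pickle stream imports using `pickletools`, without loading the stream, and flags anything outside an allowlist. The allowlist contents, function names and sample byte strings are constructed assumptions.

```python
import collections
import pickle
import pickletools

# Assumed allowlist: the only globals this hypothetical loader expects to see.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
_MEMO_WRITES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data: bytes) -> list:
    """List (module, name) for every import opcode, without unpickling."""
    found, recent = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":
            # Operands are the two values on top of the stack. Resolve them only
            # when they are the two most recent string pushes; else fail closed.
            last = recent[-2:]
            if len(last) == 2 and all(op in _STRING_OPS for op, _ in last):
                found.append((last[0][1], last[1][1]))
            else:
                found.append(("<unresolved>", "<unresolved>"))
        if name not in _MEMO_WRITES:
            recent.append((name, arg))
    return found


def disallowed_globals(data: bytes) -> list:
    """Globals referenced by the stream that are not on the allowlist."""
    return [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]


# Constructed samples. Each only names a global and stops; nothing is called,
# and none of them is ever passed to pickle.load() here.
SAMPLE_PROTO0 = b"cpkgutil\nfind_loader\n."
SAMPLE_PROTO4 = (b"\x80\x04" b"\x8c\x08" b"operator"
                 b"\x8c\x0c" b"methodcaller" b"\x93.")
SAMPLE_EXPECTED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in [("proto0", SAMPLE_PROTO0), ("proto4", SAMPLE_PROTO4),
                        ("expected", SAMPLE_EXPECTED)]:
        print(label, disallowed_globals(blob) or "ok")
```

Because the check is an allowlist, it flags `pkgutil.find_loader` and `operator.methodcaller` without needing either name to be known as dangerous in advance.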