metadata
library_name: pytorch
tags:
- security-research
- modelscan-bypass
license: mit
ModelScan Bypass PoC — concurrent.futures.ProcessPoolExecutor
Security research for responsible disclosure via Huntr MFV program.
Vulnerability
concurrent.futures.ProcessPoolExecutor is not in modelscan's unsafe_globals blocklist.
modelscan reports "No issues found" but loading triggers creates process pool executor — spawns worker processes. subprocess and multiprocessing are blocked but concurrent.futures wraps them and is NOT blocked.
Impact: HIGH
Reproduction
pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"