Upload folder using huggingface_hub

f8a4e49 verified about 2 months ago

579 Bytes

library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit

ModelScan Bypass PoC — resource.setrlimit

Security research for responsible disclosure via Huntr MFV program.

Vulnerability

resource.setrlimit is not in modelscan's unsafe_globals blocklist. modelscan reports "No issues found" but loading triggers sets resource limits to 0 — DoS by preventing file opens, memory allocation, or process creation.

Impact: HIGH

Reproduction

pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"