Modelscan Bypass PoC: sysconfig.get_paths Python path disclosure

Security research only.

Summary

The pickle calls sysconfig.get_paths(), which reveals Python installation paths. sysconfig is not in modelscan's unsafe_globals blocklist, so the scan reports no issues. Impact: information disclosure of the installation directories.

Reproduction

pip install modelscan
modelscan scan -p pytorch_model.bin  # No issues found
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"  # Executes

Affected: modelscan 0.7.6 (latest)
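Added example (not part of this PoC and not modelscan's code): a static pickle audit that lists every global a pickle would import without ever loading it, then shows why a blocklist in the spirit of unsafe_globals misses sysconfig.get_paths while an allowlist of the globals a checkpoint legitimately needs flags it. The sample pickles, the blocklist and the allowlist contents are all constructed for the demo.

```python
"""Static pickle import audit: allowlist instead of blocklist."""
import pickletools

# Constructed sample (protocol 2): REDUCE sysconfig.get_paths with no args.
# Opcodes: PROTO 2, GLOBAL "sysconfig get_paths", BINPUT 0, EMPTY_TUPLE,
# REDUCE, BINPUT 1, STOP.
SAMPLE_PICKLE_V2 = b"\x80\x02csysconfig\nget_paths\nq\x00)Rq\x01."
# Same call, protocol 4 style: two SHORT_BINUNICODE pushes then STACK_GLOBAL.
SAMPLE_PICKLE_V4 = b"\x80\x04\x8c\x09sysconfig\x8c\x09get_paths\x93)R."

# Illustrative blocklist (NOT modelscan's actual list): sysconfig is absent.
BLOCKLIST = {"os", "subprocess", "sys", "builtins", "socket", "shutil", "runpy"}
# Illustrative allowlist of globals a torch checkpoint needs (assumption).
ALLOWLIST = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
             "torch.FloatStorage"}


def pickle_imports(data: bytes) -> list[str]:
    """Return every 'module.name' the pickle references, without loading it."""
    imports = []
    strings = []  # recent string pushes, consumed by STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            imports.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":
            # Simplification: assume module/name are the last two string
            # pushes (memo GET variants are not resolved in this demo).
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            imports.append(f"{strings[-2]}.{strings[-1]}")
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
                         "UNICODE"):
            strings.append(arg)
    return imports


def blocklist_verdict(data: bytes) -> list[str]:
    """Flag imports whose top-level module is blocklisted (misses sysconfig)."""
    return [i for i in pickle_imports(data) if i.split(".")[0] in BLOCKLIST]


def allowlist_verdict(data: bytes) -> list[str]:
    """Flag every import not explicitly allowed; sysconfig.get_paths is caught."""
    return [i for i in pickle_imports(data) if i not in ALLOWLIST]


if __name__ == "__main__":
    for sample in (SAMPLE_PICKLE_V2, SAMPLE_PICKLE_V4):
        print("imports:", pickle_imports(sample))
        print("blocklist flags:", blocklist_verdict(sample))
        print("allowlist flags:", allowlist_verdict(sample))
```

The same walk over pickletools.genops can be pointed at pytorch_model.bin (a zip-wrapped torch checkpoint needs its data.pkl member extracted first) to audit what a file would import before anyone calls pickle.load on it.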

Disclosure: Submitted via Huntr.
