Add README
288eec9 verified
---
tags:
  - security-research
  - modelscan-bypass
license: mit
---

Modelscan Bypass PoC: sysconfig.get_paths Python path disclosure

Security research only.

Summary

The pickle in pytorch_model.bin calls sysconfig.get_paths(), which returns the Python installation paths. The sysconfig module is not in modelscan's unsafe_globals blocklist, so the scan reports no issues. Impact: information disclosure of the installation directories.
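As an added example (not part of this PoC repository or of modelscan), the check below lists every global a pickle would import by walking its opcode stream with pickletools, then compares that list against an allowlist; an unlisted module such as sysconfig is reported even though no blocklist names it. The allowlist entries and the sample pickles are constructed for this example, and the string/memo tracking is a heuristic that follows what pickle.dumps emits rather than a full pickle VM.

```python
import collections
import io
import pickle
import pickletools

# Allowlist of globals a plain PyTorch weights file is expected to reference.
# The entries are an assumption of this example, not modelscan's policy: the
# point is that anything unlisted (sysconfig included) gets reported.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

# Opcodes that push a string. GLOBAL (protocols 0-3) carries "module name" in
# its argument; STACK_GLOBAL (protocol 4) takes them from the two most recent
# string pushes, so those are tracked (a heuristic, not a full pickle VM).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def pickle_globals(data: bytes) -> list:
    """Return every (module, name) the pickle would import, without loading it."""
    found, strings, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):  # never executes
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = strings[-1] if strings else None
        elif op.name in ("BINPUT", "LONG_BINPUT", "PUT") and strings:
            memo[arg] = strings[-1]
        elif op.name in ("BINGET", "LONG_BINGET", "GET"):
            strings.append(memo.get(arg))
    return found

def unlisted_globals(data: bytes) -> list:
    """Globals outside the allowlist; a non-empty result means reject the file."""
    return [g for g in pickle_globals(data) if g not in ALLOWED_GLOBALS]

# Constructed samples. The two sysconfig pickles only reference the global
# (GLOBAL / STACK_GLOBAL followed by STOP, no REDUCE), enough to exercise the check.
SAMPLE_BENIGN = pickle.dumps(collections.OrderedDict(w=[1.0, 2.0]), protocol=4)
SAMPLE_SYSCONFIG_P2 = b"\x80\x02csysconfig\nget_paths\n."
SAMPLE_SYSCONFIG_P4 = b"\x80\x04\x8c\x09sysconfig\x94\x8c\x09get_paths\x94\x93."
```

Running unlisted_globals over a file before it is ever passed to pickle.load is the mitigation this illustrates: the decision is made on the opcode stream, so the blocklist gap does not matter.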

Reproduction

pip install modelscan
modelscan scan -p pytorch_model.bin  # No issues found
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"  # Executes

Affected: modelscan 0.7.6 (latest)

Disclosure: Submitted via Huntr.