Hugging Face's logo

manja316
/
modelscan-bypass-telnetlib

PyTorch
security-research
modelscan-bypass
Model card Files
xet
 Community
modelscan-bypass-telnetlib / README.md
manja316's picture
manja316
Upload folder using huggingface_hub
acafdf7 verified
preview code
|
raw
history blame contribute delete
894 Bytes
metadata 
library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit

ModelScan Bypass PoC — telnetlib.Telnet

Security research for responsible disclosure via Huntr MFV program.

Vulnerability

telnetlib.Telnet is not in modelscan's unsafe_globals blocklist. When a pickle file containing this global is scanned by modelscan, it reports "No issues found." However, loading the file with pickle.loads() / torch.load() triggers immediate TCP/Telnet connection to attacker-controlled server on deserialization (SSRF/RCE via telnet protocol).

Impact

  • Severity: HIGH
  • Effect: immediate TCP/Telnet connection to attacker-controlled server on deserialization (SSRF/RCE via telnet protocol)
  • Bypass class: Module blocklist gap

Reproduction 

pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"