manja316
Upload README.md with huggingface_hub
2285472 verified

modelscan-bypass-timeit

ProtectAI modelscan Bypass PoC

Module: timeit rce
Impact: timeit.timeit RCE bypass - exec() on arbitrary string via pickle
Scanner: modelscan 0.7.6 (latest on PyPI)
Result: "No issues found" — bypass confirmed

Reproduction

```bash
pip install modelscan
modelscan scan -p timeit_rce.pkl
# Output: "No issues found!"
# But pickle.load() executes the payload
```

Responsible Disclosure

This PoC is uploaded for responsible disclosure via the Huntr MFV program.