Hugging Face's logo

manja316
/
modelscan-bypass-types-codetype

Joblib
security-research
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

ModelScan Bypass PoC: types.CodeType + types.FunctionType

Security research demonstrating a scanner bypass in ProtectAI's modelscan.

DO NOT load these files in production environments.

Vulnerability

Pickle files using types.CodeType and types.FunctionType to construct arbitrary executable functions pass modelscan with zero issues. The malicious payload is embedded inside bytecode constants, invisible to the scanner's GLOBAL opcode inspection.

Files

  • types_bypass.pkl โ€” Pickle format PoC (executes echo TYPES_CODETYPE_BYPASS_RCE)
  • types_bypass.joblib โ€” Joblib format PoC (same payload)

Responsible Disclosure

Submitted via Huntr (ProtectAI's bug bounty program).

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support