Add README
81d7c24 verified
metadata
license: mit
tags:
  - security-research

ModelScan Bypass PoC: types.CodeType + types.FunctionType

Security research demonstrating a scanner bypass in ProtectAI's modelscan.

DO NOT load these files in production environments.

Vulnerability

Pickle files using types.CodeType and types.FunctionType to construct arbitrary executable functions pass modelscan with zero issues. The malicious payload is embedded inside bytecode constants, invisible to the scanner's GLOBAL opcode inspection.
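A defender-side check for exactly this gap, added here as an example and not part of this PoC repository: walk the pickle opcode stream with the standard library's pickletools and flag any GLOBAL or STACK_GLOBAL that resolves into the types module, which is the one thing a CodeType/FunctionType-built function cannot hide from the stream. The function name and the sample pickles below are mine; the samples are constructed inline and carry only the import reference, no payload.

```python
import pickle
import pickletools

# Module/attribute pairs whose presence means the file can assemble an
# executable function at load time instead of just reconstructing data.
SUSPICIOUS_GLOBALS = {("types", "CodeType"), ("types", "FunctionType")}

# Opcodes that push a text argument; STACK_GLOBAL takes its module and
# name from the two most recent of these (heuristic: memo fetches are
# not resolved, which is good enough for a triage scan).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
              "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"}


def find_suspicious_globals(data: bytes) -> list:
    """Return (module, name, offset) for every flagged import in the stream.

    Works on raw pickle bytes without ever unpickling them, so it is safe
    to run on untrusted files. Flags the known CodeType/FunctionType pair
    and, more conservatively, anything else imported from ``types``.
    """
    found = []
    recent_strings = []
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent_strings.append(arg)
            continue
        if opcode.name == "GLOBAL":            # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: two strings on stack
            if len(recent_strings) < 2:
                continue
            module, name = recent_strings[-2], recent_strings[-1]
        else:
            continue
        if (module, name) in SUSPICIOUS_GLOBALS or module == "types":
            found.append((module, name, pos))
    return found


# Constructed samples: a benign data-only pickle, and two stubs that contain
# just the types import in protocol 2 (GLOBAL) and protocol 4 (STACK_GLOBAL).
BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
PROTO2_STUB = b"\x80\x02ctypes\nCodeType\n."
PROTO4_STUB = b"\x80\x04\x8c\x05types\x8c\x0cFunctionType\x93."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("p2", PROTO2_STUB), ("p4", PROTO4_STUB)]:
        print(label, find_suspicious_globals(blob))
```

Joblib files that are plain (uncompressed) pickle streams can be fed to the same function; compressed ones must be decompressed to raw bytes first.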

Files

  • types_bypass.pkl — Pickle format PoC (executes echo TYPES_CODETYPE_BYPASS_RCE)
  • types_bypass.joblib — Joblib format PoC (same payload)

Responsible Disclosure

Submitted via Huntr (ProtectAI's bug bounty program).