metadata
library_name: pytorch
tags:
- security-research
- modelscan-bypass
license: mit
ModelScan Bypass PoC — typing.ForwardRef
Security research for responsible disclosure via Huntr MFV program.
Vulnerability
typing.ForwardRef not in modelscan blocklist. Reports "No issues found" but triggers creates ForwardRef storing eval()-able string. When resolved (e.g. by get_type_hints), executes arbitrary code..
Impact: HIGH
Reproduction
pip install modelscan && modelscan scan -p bypass_poc.pkl
# "No issues found!"