modelscan-bypass-urllib-ssrf

Impact

HIGH - Server-side request forgery, data exfiltration

Technique

urllib.request.urlopen() - urllib not in blocklist

Verification

# Scan with modelscan - should show "No issues found"
modelscan scan -p model.pkl

# Execute to verify malicious behavior
python3 -c "import pickle; pickle.loads(open('model.pkl','rb').read())"

Details

Modelscan bypass via urllib.request.urlopen - SSRF Tested against modelscan v0.7.6 (latest PyPI release).