manja316
Add security research README
ab2c730 verified
metadata
license: mit
tags:
  - security-research
  - modelscan-bypass

Modelscan Bypass: linecache.getline() → Arbitrary File Read

⚠️ SECURITY RESEARCH ONLY

Vulnerability

linecache.getline(filename, lineno) returns the requested line from any file the calling process can read, and it is not in modelscan's blocklist.

Impact

  • Type: Information Disclosure — Read any file accessible to the process
  • Can read secrets, config files, private keys
  • Modelscan result: "No issues found"
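The gap described above is a property of blocklists in general. As an added example (not code from this repository and not modelscan's implementation), the loader below checks each global a pickle requests against a policy, and shows a blocklist accepting a reference to linecache.getline while an allowlist rejects it. It assumes the model file is a pickle, which the page does not state; PolicyUnpickler, check, both sample policy sets and both sample inputs are constructed for the illustration.

```python
import collections
import io
import linecache
import pickle

# Constructed sample policies for this example; neither is modelscan's real list.
SAMPLE_BLOCKLIST = {("os", "system"), ("subprocess", "Popen"), ("builtins", "eval")}
SAMPLE_ALLOWLIST = {("collections", "OrderedDict")}


class PolicyUnpickler(pickle.Unpickler):
    """Checks every global a pickle requests against a policy before importing it."""
    def __init__(self, file, policy):
        super().__init__(file)
        self.policy = policy  # callable: (module, name) -> bool
        self.seen = []        # every global the stream asked for

    def find_class(self, module, name):
        self.seen.append((module, name))
        if not self.policy(module, name):
            raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")
        return super().find_class(module, name)


def blocklist_policy(module, name):
    return (module, name) not in SAMPLE_BLOCKLIST


def allowlist_policy(module, name):
    return (module, name) in SAMPLE_ALLOWLIST


def check(data, policy):
    """Return (accepted, globals_seen) for one pickle byte string."""
    unpickler = PolicyUnpickler(io.BytesIO(data), policy)
    try:
        unpickler.load()
        return True, unpickler.seen
    except pickle.UnpicklingError:
        return False, unpickler.seen


# Constructed inputs. REFERENCE_ONLY only names linecache.getline; nothing calls it.
REFERENCE_ONLY = pickle.dumps(linecache.getline)
BENIGN = pickle.dumps(collections.OrderedDict(weights=[0.1, 0.2]))

if __name__ == "__main__":
    for label, data in (("reference", REFERENCE_ONLY), ("benign", BENIGN)):
        print(label, check(data, blocklist_policy), check(data, allowlist_policy))
```

The allowlist has to be built from the globals the expected model format actually needs; anything outside it fails the load instead of depending on a scanner having listed it.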

Responsible Disclosure

Access is gated. The issue was reported to ProtectAI via Huntr.