---
license: mit
tags:
- security-research
- modelscan-bypass
---
# Modelscan Bypass: linecache.getline() → Arbitrary File Read

**⚠️ SECURITY RESEARCH ONLY**

## Vulnerability

`linecache.getline(filename, lineno)` reads arbitrary files, and it is not in modelscan's blocklist.

## Impact

- **Type: Information Disclosure** — Read any file accessible to the process
- Can read secrets, config files, private keys
- Modelscan result: **"No issues found"**

## Responsible Disclosure

Access to this repository is gated. The issue was reported to ProtectAI via Huntr.
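
A defender-side check for this class of gap, as an added example that is not modelscan's code or part of this repository: it lists the globals a pickle would import without loading it, then compares a denylist verdict with an allowlist verdict. It assumes the model file is a pickle; `SAMPLE_DENYLIST`, `SAMPLE_ALLOWLIST` and all function names are hypothetical, and the sample is a constructed pickle that holds only a reference to `linecache.getline`.

```python
import io
import linecache
import pickle
import pickletools

# Constructed stand-in for a scanner denylist; NOT modelscan's real list.
SAMPLE_DENYLIST = {"os", "posix", "nt", "subprocess", "builtins"}
# Hypothetical allowlist: the only globals this loader expects to see.
SAMPLE_ALLOWLIST = {("collections", "OrderedDict")}
# Constructed sample: a bare reference to the function, with no call.
SAMPLE = pickle.dumps(linecache.getline)


def imported_globals(data):
    """Return the (module, name) pairs a pickle imports, without loading it."""
    found, strings = set(), []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Simplification: take the two most recently pushed strings;
            # anything else is reported as unresolved and fails the allowlist.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            found.add(pair)
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def denylist_hits(data):
    """Globals whose top-level module is on the denylist."""
    return sorted(g for g in imported_globals(data)
                  if g[0].split(".")[0] in SAMPLE_DENYLIST)


def allowlist_violations(data):
    """Globals the loader does not explicitly expect."""
    return sorted(imported_globals(data) - SAMPLE_ALLOWLIST)


class AllowlistUnpickler(pickle.Unpickler):
    """Load-time enforcement of the same allowlist."""
    def find_class(self, module, name):
        if (module, name) not in SAMPLE_ALLOWLIST:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


if __name__ == "__main__":
    print("denylist hits:       ", denylist_hits(SAMPLE))
    print("allowlist violations:", allowlist_violations(SAMPLE))
```

The denylist reports nothing for the sample, while the allowlist flags `linecache.getline` because it was never expected, which is the property a blocklist-based scan cannot provide.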