manja316
Add security research README
1bb573e verified
metadata
license: mit
tags:
  - security-research
  - modelscan-bypass

Modelscan Bypass: marshal.loads() → Code Object Deserialization

⚠️ SECURITY RESEARCH ONLY

Vulnerability

marshal.loads() deserializes Python code objects from bytes. Combined with types.FunctionType(), this enables constructing arbitrary executable functions from raw bytecode.
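
A defender-side check for the two imports named above, as an added example (not part of the original README and not modelscan's code): it lists the globals a pickle stream would import, without unpickling it, and flags `marshal.loads` and `types.FunctionType`. It assumes the model file is a pickle stream; the deny-list and function names are this example's own.

```python
import marshal
import pickle
import pickletools

# Deny-list assumed for this example: the two building blocks the page names.
SUSPECT = {("marshal", "loads"), ("types", "FunctionType")}


def imported_globals(data: bytes):
    """Return (module, name) pairs a pickle stream imports, without loading it."""
    found = []
    strings = []  # string constants seen so far, used to resolve STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # Protocols 0-2: the argument is "module name" in one string.
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Protocol 4+: module and name are the two preceding string pushes.
            # Heuristic: a stream that fetches them from the memo is not resolved.
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def scan(data: bytes):
    """Return the suspect imports present in a pickle stream, sorted."""
    return sorted(set(imported_globals(data)) & SUSPECT)


# Constructed samples: a plain dict, and a pickle that only references
# marshal.loads by name (nothing is called when it is loaded).
BENIGN = pickle.dumps({"weights": [0.1, 0.2]})
REFERENCES_MARSHAL = pickle.dumps(marshal.loads)

if __name__ == "__main__":
    print("benign:", scan(BENIGN))
    print("references marshal:", scan(REFERENCES_MARSHAL))
```
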

Impact

  • Type: Code Injection — Deserialize arbitrary Python bytecode
  • Step 1 of a code execution chain
  • Modelscan result: "No issues found"

Responsible Disclosure

Gated access. Reported to ProtectAI via Huntr.