---
license: mit
tags:
- security-research
- modelscan-bypass
---

# Modelscan Bypass: marshal.loads() → Code Object Deserialization

**⚠️ SECURITY RESEARCH ONLY**

## Vulnerability

`marshal.loads()` deserializes Python code objects from bytes. Combined with `types.FunctionType()`, this enables constructing arbitrary executable functions from raw bytecode.

## Impact

- **Type: Code Injection** — Deserialize arbitrary Python bytecode
- Step 1 of a code execution chain
- Modelscan result: **"No issues found"**

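
A static check for the two callables named above, as an added example (not code from this repository or from modelscan): it walks the pickle opcode stream with `pickletools.genops` and never unpickles the data. The denylist, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import pickle
import pickletools

# Assumed denylist for this example: the two callables named on this page.
DENYLIST = {("marshal", "loads"), ("types", "FunctionType")}

# Opcodes that push a string constant (needed to resolve STACK_GLOBAL).
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def find_imports(data: bytes):
    """List (module, name) pairs the stream would import; never unpickles."""
    imports, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            # pickletools reports these as "module name" in one string.
            module, _, name = arg.partition(" ")
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: module and name are the two latest string pushes.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            imports.append(pair)
    return imports


def scan(data: bytes):
    """Return denylisted imports; unresolved STACK_GLOBALs are reported too."""
    found = set(find_imports(data))
    return sorted(i for i in found if i in DENYLIST or i == ("?", "?"))


# Constructed samples: each only pushes a reference to a global and stops.
SAMPLE_P0 = b"cmarshal\nloads\n."                                # GLOBAL
SAMPLE_P4 = b"\x80\x04\x8c\x07marshal\x94\x8c\x05loads\x94\x93."  # STACK_GLOBAL
SAMPLE_FT = b"ctypes\nFunctionType\n."                           # GLOBAL
BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("p0", SAMPLE_P0), ("p4", SAMPLE_P4),
                        ("functype", SAMPLE_FT), ("benign", BENIGN)]:
        print(label, scan(blob) or "clean")
```

An allowlist of the imports a model file is expected to contain is the stricter policy; the denylist here only mirrors the two names this page discusses.
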
## Responsible Disclosure

Gated access. Reported to ProtectAI via Huntr.