# Available backend options are: "jax", "torch", "tensorflow".
import os
os.environ["KERAS_BACKEND"] = "jax"
import keras
model = keras.saving.load_model("hf://manja316/modelscan-nested-lambda-rce")
Security Research โ Keras Nested Lambda Scanner Bypass
This model is for authorized security research only.
This repository demonstrates a vulnerability in ProtectAI's modelscan scanner (v0.8.8) where Lambda layers nested inside Functional or Sequential submodels evade detection.
Vulnerability
modelscan checks top-level config.layers for class_name == "Lambda" but does not recurse into nested submodel configurations. A malicious Lambda layer inside a nested Functional model passes scanning with "No issues found" but executes arbitrary code on keras.models.load_model().
Affected
- modelscan <= 0.8.8
- Both .keras and .h5 format
- Both Functional and Sequential nesting
Disclosure
Responsible disclosure via Huntr MFV program.
- Downloads last month
- 13
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support
# Gated model: Login with a HF token with gated access permission hf auth login