You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

ModelScope image-to-3d YAML PoC

This repository contains a benign proof-of-concept for a ModelScope 1.38.1 image-to-3d model-loading vulnerability.

The relevant file is syncdreamer.yaml. It demonstrates attacker-controlled Python class resolution through:

Image23DPipeline.__init__ -> load_model() -> OmegaConf.load(syncdreamer.yaml) -> instantiate_from_config(config.model) -> get_obj_from_str(config["target"]) -> importlib.import_module(module) -> cls(**params).

The PoC target is logging.FileHandler, which creates /tmp/modelscope_image3d_d22_canary when instantiated. No shell command is executed.

Expected behavior when loaded through ModelScope's image-to-3d path:

  1. syncdreamer.yaml is parsed.
  2. logging.FileHandler is imported and instantiated from model.target.
  3. /tmp/modelscope_image3d_d22_canary is created.
  4. Loading may then fail because this minimal PoC does not include real model weights; the side effect has already occurred.
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support