⚠️ WARNING — Security Research PoC
DO NOT load this model in production environments. DO NOT use this model for any purpose other than security research.
What is this?
This repository contains a proof-of-concept (PoC) model file created for responsible security vulnerability disclosure via huntr.com.
Vulnerability Type
Scanner Bypass / Arbitrary Code Execution (CWE-502)
Backdoored .joblib model that evades picklescan detection via NumpyPickler binary data — executes arbitrary code on joblib.load().
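As an added defender-side example (not part of this repository, of joblib or of picklescan), the following stand-alone Python shows the two baseline controls this bug class calls for: listing the globals a pickle stream would import without executing it, and refusing any global outside an allowlist in a restricted Unpickler. The allowlist and the three sample streams are constructed for the example; it does not reproduce the NumpyPickler bypass described above.

```python
import collections
import io
import pickle
import pickletools
import platform

# Constructed allowlist: modules a scikit-learn style artefact is expected to
# reference. Any global outside it is treated as suspicious.
ALLOWED_MODULES = {"builtins", "collections", "numpy", "numpy.core.multiarray"}
# Opcodes whose operand is a string; STACK_GLOBAL consumes the last two pushed.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> list:
    """Every (module, name) the stream would import, found by walking the
    opcodes with pickletools instead of executing them. Handles the text
    GLOBAL opcode (protocols 0-3) and STACK_GLOBAL (protocol 4+); a name
    fetched from the memo (BINGET) before STACK_GLOBAL is not resolved."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two literal strings")
            found.append((strings[-2], strings[-1]))
        elif op.name in STRING_OPS:
            strings.append(arg)
    return found

def suspicious_globals(data: bytes) -> list:
    """Referenced globals that fall outside ALLOWED_MODULES."""
    return [g for g in referenced_globals(data) if g[0] not in ALLOWED_MODULES]

class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence: refuse unknown globals at load time."""
    def find_class(self, module, name):
        if module not in ALLOWED_MODULES:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

# Constructed samples: a plain container, an allowlisted class, and a stream
# that only references a function from an unexpected module (nothing runs).
BENIGN = pickle.dumps({"coef": [0.1, 0.2]}, protocol=4)
ALLOWED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
SUSPECT = pickle.dumps(platform.system, protocol=4)
```

joblib's NumpyPickler writes raw array bytes into the same stream as the pickle opcodes, so a plain opcode walk like this one can be thrown off on a .joblib file; treat these checks as a baseline, and never load an untrusted artefact with a stock joblib.load().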
Important Notes
- 🔴 This model is intentionally crafted to demonstrate a security vulnerability.
- 🔴 Loading this model WILL EXECUTE CODE on your system.
- 🔴 DO NOT load in any production, staging, or shared environment.
- The PoC payload is benign (launches calculator app) but the technique allows arbitrary code execution.
- This PoC exists solely to support a responsible disclosure report.
- This repository will be removed or made private after the vulnerability review process is complete.
Responsible Disclosure
This PoC is part of a responsible disclosure process through huntr.com. The goal is to help maintainers identify and fix security issues, not to cause harm.
If you have questions about this repository, please contact the author or refer to the associated huntr.com report.