⚠️ WARNING — Security Research PoC

DO NOT load these files with `np.load(allow_pickle=True)` in production environments. DO NOT use these files for any purpose other than security research.
What is this?
This repository contains proof-of-concept .npy and .npz files created for responsible security vulnerability disclosure via huntr.com.
Vulnerability Type
Scanner Bypass / Arbitrary Code Execution (CWE-502)
The files are malicious .npy and .npz archives containing pickle RCE payloads that bypass modelscan 0.8.8 detection on numpy >= 2.3.0. modelscan calls the private helper np.lib.format._check_version, which was removed in numpy 2.3.0; the resulting failure is swallowed, so the scanner crashes silently and reports "No issues found!" even though the files contain executable pickle payloads.
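The failure mode described above is a scanner that depends on a private numpy helper and treats its own crash as a clean result. The following is an added example for this card, not code from this repository or from modelscan: a pure-Python pre-load gate that reads only the .npy header (and each member header inside an .npz zip), refuses any array whose dtype descriptor contains an object (`'O'`) field, and reports an unparseable header as a finding rather than a pass. It imports neither numpy nor pickle, so a numpy-internal change cannot break it, and it never unpickles anything. The sample .npy/.npz blobs it scans are constructed in the block itself with placeholder bodies; the function and file names are my own.

```python
"""Header-only gate for .npy/.npz files: flag object dtypes before np.load.

Added example, not part of this repository. Pure Python on purpose (no numpy,
no pickle) so the check cannot break when private numpy helpers change and
cannot execute anything in the file. Any header it cannot parse is reported
as a finding: the gate fails closed instead of reporting "No issues found!".
"""
import ast
import io
import struct
import zipfile

MAGIC = b"\x93NUMPY"
HEADER_PREFIX = 1 << 20  # bytes read per member; far more than any sane header


def parse_npy_header(data: bytes) -> dict:
    """Return the {'descr', 'fortran_order', 'shape'} dict from a .npy prefix.

    Raises ValueError on anything malformed. ast.literal_eval parses the
    header dict literal without evaluating code.
    """
    if not data.startswith(MAGIC):
        raise ValueError("not a .npy file (bad magic)")
    if len(data) < 8:
        raise ValueError("truncated version bytes")
    major, minor = data[6], data[7]
    if major == 1:
        fmt = "<H"            # format 1.0: 2-byte little-endian header length
    elif major in (2, 3):
        fmt = "<I"            # format 2.0/3.0: 4-byte little-endian header length
    else:
        raise ValueError(f"unsupported .npy format version {major}.{minor}")
    size = struct.calcsize(fmt)
    if len(data) < 8 + size:
        raise ValueError("truncated header length field")
    (hlen,) = struct.unpack(fmt, data[8:8 + size])
    raw = data[8 + size:8 + size + hlen]
    if len(raw) != hlen:
        raise ValueError("truncated header")
    text = raw.decode("utf-8" if major == 3 else "latin1")
    header = ast.literal_eval(text)
    if not isinstance(header, dict) or set(header) != {"descr", "fortran_order", "shape"}:
        raise ValueError("unexpected header keys")
    return header


def descr_needs_pickle(descr) -> bool:
    """True if any field of the dtype descriptor is an object ('O') dtype.

    np.load can only materialise such arrays by unpickling the body, which is
    exactly what allow_pickle=True enables. Unknown descriptor shapes count
    as unsafe (fail closed).
    """
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    if isinstance(descr, list):              # structured dtype: [(name, descr[, shape]), ...]
        for field in descr:
            if not isinstance(field, tuple) or len(field) < 2:
                return True
            if descr_needs_pickle(field[1]):
                return True
        return False
    return True


def scan_file_bytes(data: bytes) -> list:
    """Scan one .npy blob or one .npz (zip) blob; return a list of findings.

    An empty list means every member has a parseable header with no object
    dtype. Every other outcome, including a header we cannot parse, is a finding.
    """
    if data.startswith(MAGIC):
        members = [("<npy>", data[:HEADER_PREFIX])]
    elif data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [(i.filename, zf.open(i).read(HEADER_PREFIX)) for i in zf.infolist()]
        except zipfile.BadZipFile as exc:
            return [f"<npz>: unreadable zip ({exc})"]
    else:
        return ["<file>: neither .npy magic nor zip signature"]
    findings = []
    for name, prefix in members:
        try:
            header = parse_npy_header(prefix)
        except (ValueError, SyntaxError, TypeError) as exc:
            findings.append(f"{name}: unparseable .npy header ({exc})")
            continue
        if descr_needs_pickle(header["descr"]):
            findings.append(f"{name}: object dtype {header['descr']!r} requires pickle to load")
    return findings


# --- constructed sample inputs (not real files from this repository) ---
def build_npy(descr: str, shape: tuple, body: bytes) -> bytes:
    """Build a format-1.0 .npy blob; preamble padded to 64 bytes, ending in '\\n'."""
    header = f"{{'descr': '{descr}', 'fortran_order': False, 'shape': {shape!r}, }}"
    pad = 64 - (10 + len(header) + 1) % 64
    header = header + " " * pad + "\n"
    return MAGIC + bytes([1, 0]) + struct.pack("<H", len(header)) + header.encode("latin1") + body


def build_npz(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()


CLEAN_NPY = build_npy("<f4", (4,), b"\x00" * 16)          # four float32 zeros
OBJECT_NPY = build_npy("|O", (2,), b"\x00" * 8)           # placeholder body, never read
SAMPLE_NPZ = build_npz({"data.npy": CLEAN_NPY, "obj.npy": OBJECT_NPY})

if __name__ == "__main__":
    for label, blob in [("clean.npy", CLEAN_NPY), ("object.npy", OBJECT_NPY), ("mixed.npz", SAMPLE_NPZ)]:
        print(label, "->", scan_file_bytes(blob) or "no object dtypes")
```

Run the gate on a file before handing it to `np.load`, and treat any non-empty result as a block, not a warning. The design choice that matters is the `except` branch in `scan_file_bytes`: a parse failure is recorded as a finding, which is the opposite of the behaviour this card describes, where an internal exception became a clean report.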
Important Notes
- 🔴 These files contain pickle payloads that WILL EXECUTE CODE when loaded with `np.load(allow_pickle=True)`.
- 🔴 DO NOT load in any production, staging, or shared environment.
- The PoC payload is benign (writes a proof file) but the technique allows arbitrary code execution.
- This repository will be removed or made private after the vulnerability review process is complete.
Responsible Disclosure
This PoC is part of a responsible disclosure process through huntr.com.