---
library_name: joblib
tags:
- security-research
- model-file-vulnerability
- joblib
- modelscan
- responsible-disclosure
---
# Joblib ModelScan Clean-Result Bypass PoC
This repository contains a proof-of-concept model artifact for a responsible disclosure submission through Huntr's Model File Vulnerability program.
The PoC is local-only and harmless. It demonstrates that a crafted `.joblib` file can be reported clean by ModelScan 0.8.8 and then create a controlled marker file when loaded with `joblib.load()`.
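The clean-then-execute behaviour above is what a blocklist-based scanner can miss. As an added defender-side example (not code from this repository or from ModelScan), the check below walks the pickle opcode stream of a joblib artifact with `pickletools`, resolves every `GLOBAL`, `INST` and `STACK_GLOBAL` import (following memo references), and rejects the file unless each import is on an explicit allowlist; anything it cannot resolve fails closed. The allowlist entries and the sample payloads are constructed for illustration.

```python
import collections
import io
import pickle
import pickletools

# Added example (not this repository's or ModelScan's code): default-deny allowlist
# over the imports in a pickle/joblib opcode stream. Allowlist entries are hypothetical;
# derive the real list from a known-good artifact of the same model type.
ALLOWED_GLOBALS = {("joblib.numpy_pickle", "NumpyArrayWrapper"), ("numpy", "dtype"), ("numpy", "ndarray")}
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"}
_GET_OPS, _PUT_OPS = {"GET", "BINGET", "LONG_BINGET"}, {"PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data):
    """Every (module, name) the stream imports, in order; None = unresolvable STACK_GLOBAL."""
    found, tail, memo, next_memo = [], [], {}, 0  # tail: last two stack values, if strings
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name in _STRING_OPS:
            tail = (tail + [arg])[-2:]
        elif op.name in _GET_OPS:  # protocol 4 reuses memoized module-name strings
            tail = (tail + [memo.get(arg)])[-2:]
        elif op.name == "MEMOIZE":
            memo[next_memo] = tail[-1] if tail else None
            next_memo += 1
        elif op.name in _PUT_OPS:
            memo[arg] = tail[-1] if tail else None
        elif op.name in ("GLOBAL", "INST"):  # arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            tail = []
        elif op.name == "STACK_GLOBAL":  # module and name are taken from the stack
            ok = len(tail) == 2 and all(isinstance(s, str) for s in tail)
            found.append(tuple(tail) if ok else None)
            tail = []
        else:  # any other opcode leaves a non-string on top of the stack
            tail = []
    return found


def disallowed_globals(data, allowed=ALLOWED_GLOBALS):
    """Imports failing the allowlist; an unresolved STACK_GLOBAL fails closed."""
    return [g for g in referenced_globals(data) if g is None or g not in allowed]


# Constructed samples: pure data, two class imports (protocol 4), protocol-2 GLOBAL form.
SAMPLE_CLEAN = pickle.dumps({"weights": [0.1, 0.2], "bias": 1}, protocol=4)
SAMPLE_CLASSES = pickle.dumps([collections.OrderedDict(), collections.deque()], protocol=4)
SAMPLE_PROTO2 = pickle.dumps(collections.OrderedDict(), protocol=2)

if __name__ == "__main__":
    for blob in (SAMPLE_CLEAN, SAMPLE_CLASSES, SAMPLE_PROTO2):
        print(disallowed_globals(blob) or "clean")
```

Run against a real artifact by passing `open(path, "rb").read()` to `disallowed_globals`; an empty list means every import is allowlisted.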
## Files

- `sourcefileloader_bypass.joblib` - crafted proof-of-concept model artifact
- `reproduce.py` - local verification script used to generate, scan, and load the artifact
## Safety

The payload:

- creates only `/tmp/joblib_modelscan_sourcefileloader_marker`
- writes the controlled text `modelscan-bypass-ok`
- uses no network callback
- does not read secrets
- performs no destructive action
## Tested Environment
- Python 3.12.13
- joblib 1.5.3
- modelscan 0.8.8
- macOS arm64
## Artifact Hash

`sourcefileloader_bypass.joblib`

SHA256: `e912322903b850de2ef8e164e08174a56f1ff8dd660833222a4d344595ba8e7e`
## Responsible Disclosure
This repository is intended only for authorized review by Huntr and Protect AI reviewers. Do not load the model outside an isolated local test environment.