---
library_name: joblib
tags:
- security-research
- model-file-vulnerability
- joblib
- modelscan
- responsible-disclosure
---
# Joblib ModelScan Clean-Result Bypass PoC

This repository contains a proof-of-concept model artifact for a responsible disclosure submission through Huntr's Model File Vulnerability program.

The PoC is local-only and harmless by construction. It demonstrates that a crafted `.joblib` file is reported clean by ModelScan 0.8.8 and still runs code when deserialized with `joblib.load()`; the only thing that code does is create a controlled marker file.
## Files

- `sourcefileloader_bypass.joblib` - crafted proof-of-concept model artifact
- `reproduce.py` - local verification script used to generate, scan, and load the artifact
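An independent verification harness, added here as an example and not the repository's own `reproduce.py`: it refuses to touch an artifact whose SHA-256 does not match the hash published below, runs the ModelScan CLI if it is on `PATH`, performs the `joblib.load()` in a throwaway subprocess with a timeout rather than in the harness process, and then reports whether the marker file holds exactly the expected text. The artifact name, hash, marker path and marker text are the ones stated in this README; the ModelScan exit-code meanings are taken from the ModelScan documentation; the function names and the overall flow are the example's own design. Like the artifact itself, it is meant to be run only inside the isolated test environment.

```python
"""Verification harness for the PoC artifact (added example, not this repo's reproduce.py)."""
import hashlib
import pathlib
import shutil
import subprocess
import sys

# Values taken from this README.
ARTIFACT = pathlib.Path("sourcefileloader_bypass.joblib")
EXPECTED_SHA256 = "e912322903b850de2ef8e164e08174a56f1ff8dd660833222a4d344595ba8e7e"
MARKER = pathlib.Path("/tmp/joblib_modelscan_sourcefileloader_marker")
MARKER_TEXT = "modelscan-bypass-ok"


def sha256_of(path):
    """Stream the file through SHA-256 so a large artifact never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_matches(path, expected):
    """True only if the on-disk artifact is byte-for-byte the one whose hash was published."""
    return sha256_of(path) == expected.lower()


def run_modelscan(path):
    """Run the ModelScan CLI in a subprocess; return its exit code, or None if it is not installed.

    ModelScan exit codes (from its documentation): 0 = no issues found, 1 = issues found,
    2 = scan error, 3 = no supported files found, 4 = some files skipped.
    """
    exe = shutil.which("modelscan")
    if exe is None:
        return None
    proc = subprocess.run([exe, "scan", "-p", str(path)],
                          capture_output=True, text=True, timeout=120)
    return proc.returncode


def load_in_subprocess(path, timeout=30):
    """Deserialize in a separate interpreter with a timeout.

    joblib.load() is the step that executes whatever the artifact references, so it is
    never called in the harness process itself; the exit code is all we read back.
    """
    code = "import sys, joblib; joblib.load(sys.argv[1])"
    proc = subprocess.run([sys.executable, "-c", code, str(path)],
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode


def marker_state(marker=MARKER, expected_text=MARKER_TEXT):
    """'absent' if no marker exists, 'match' if it holds exactly the expected text, else 'unexpected'."""
    if not marker.exists():
        return "absent"
    return "match" if marker.read_text() == expected_text else "unexpected"


def main():
    if not hash_matches(ARTIFACT, EXPECTED_SHA256):
        sys.exit(f"hash mismatch for {ARTIFACT}: refusing to load an artifact that is not the published one")
    # Start from a clean state so a stale marker cannot produce a false positive.
    if MARKER.exists():
        MARKER.unlink()
    scan_rc = run_modelscan(ARTIFACT)
    print("modelscan:", "not installed" if scan_rc is None else f"exit code {scan_rc} (0 = reported clean)")
    print("joblib.load exit code:", load_in_subprocess(ARTIFACT))
    print("marker:", marker_state())


if __name__ == "__main__":
    main()
```

The order matters: the hash check comes before anything that reads the file as a model, and the marker is removed before the load so the final `match` can only have been produced by this run.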
## Safety

The payload:

- creates only `/tmp/joblib_modelscan_sourcefileloader_marker`
- writes the controlled text `modelscan-bypass-ok`
- uses no network callback
- does not read secrets
- performs no destructive action
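The scanner verdict is advisory; what decides whether code runs is the loader. `joblib.load()` deserializes a pickle stream, and every global the stream references is resolved through the unpickler's `find_class`, which makes that method the natural enforcement point: a static scanner that flags known-dangerous globals can miss a callable absent from its list, whereas a loader that accepts only an explicit allowlist rejects everything else regardless of what the scanner said. The following is an added example, not part of this repository and independent of the particular gadget the PoC uses. It builds on the standard-library `pickle.Unpickler` so it runs without joblib or numpy installed; joblib's own loader (`NumpyUnpickler`, an `Unpickler` subclass) can be given the same `find_class` override for artifacts that carry numpy arrays. The allowlist contents, the `_CallsOnLoad` test object (which merely asks the loader to call the harmless `os.getcwd`) and `demo()` are constructed here for illustration.

```python
"""Allowlist-enforcing unpickler (added example, not part of this repository)."""
import collections
import io
import os
import pickle

# Globals a plain parameter-dictionary model legitimately needs. Extend per model family,
# but keep it an allowlist: anything not listed is refused, known-bad or not.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"), ("builtins", "tuple"),
    ("builtins", "frozenset"), ("builtins", "bytearray"), ("collections", "OrderedDict"),
}


class ForbiddenGlobal(pickle.UnpicklingError):
    """Raised when the stream references a module.name outside ALLOWED_GLOBALS."""


class AllowlistUnpickler(pickle.Unpickler):
    """Every GLOBAL / STACK_GLOBAL opcode goes through find_class, so this is the choke point."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise ForbiddenGlobal(f"refusing to resolve {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Deserialize bytes with the allowlist enforced; raises ForbiddenGlobal on a disallowed global."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


class _CallsOnLoad:
    """Constructed test object: its pickle instructs the loader to call os.getcwd() at load time.

    os.getcwd is harmless; the point is that it is a callable the model never needed, and that
    the stock loader will call it without asking.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def demo():
    """Load three constructed streams and report what each loader did."""
    benign = pickle.dumps({"coef": [0.5, -1.25], "classes": (0, 1)})   # no globals at all
    ordered = pickle.dumps(collections.OrderedDict([("w", 1)]))         # allowlisted global
    gadget = pickle.dumps(_CallsOnLoad())                                # non-allowlisted callable

    results = {"benign": safe_loads(benign), "ordered": safe_loads(ordered)}
    try:
        safe_loads(gadget)
        results["gadget"] = "loaded"
    except ForbiddenGlobal:
        results["gadget"] = "blocked"
    # The unrestricted loader happily executes the same stream and hands back os.getcwd()'s result.
    results["stdlib_ran_it"] = pickle.loads(gadget) == os.getcwd()
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist is deliberately small and must be tuned per model family (a scikit-learn estimator pulls in many more globals than a parameter dictionary); the failure mode to avoid is reaching for a denylist, which is exactly the assumption a clean-result bypass exploits.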
## Tested Environment

- Python 3.12.13
- joblib 1.5.3
- modelscan 0.8.8
- macOS arm64
## Artifact Hash

```text
sourcefileloader_bypass.joblib
SHA256: e912322903b850de2ef8e164e08174a56f1ff8dd660833222a4d344595ba8e7e
```
## Responsible Disclosure

This repository is intended only for authorized review by Huntr and Protect AI reviewers. Do not load the model outside an isolated local test environment.