---
license: mit
tags:
- security-research
- proof-of-concept
---
msgpack-numpy Scanner Evasion PoC (CWE-502)
Security Research - Proof of Concept
This repository contains a malicious .msgpack model file that embeds a pickle payload via msgpack-numpy's numpy object array serialization (dtype='O'). ProtectAI modelscan 0.8.8 returns SCAN_NOT_SUPPORTED for .msgpack files, so the embedded pickle payload bypasses safety scanning.
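As an added example (not code from this repository), a stdlib-only detector that parses a .msgpack file itself and flags every msgpack-numpy array dict whose dtype is object ('|O'), the serialization path that carries a pickle, and reports whether that pickle references globals. It assumes the msgpack >= 1.0 default use_bin_type=True (so the nd/type/kind/shape/data keys arrive as msgpack bin) and deliberately covers only the msgpack types msgpack-numpy emits; the sample document at the bottom is constructed by hand and carries a harmless pickle of the complex number 1j.

```python
import pickle
import pickletools
import struct

RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "NEWOBJ", "NEWOBJ_EX", "INST", "OBJ", "BUILD"}

def _read(buf, i):
    """Decode one msgpack value at offset i -> (value, next_offset); unknown type bytes raise (fail closed)."""
    b = buf[i]; i += 1
    if b < 0x80 or b >= 0xe0: return (b if b < 0x80 else b - 0x100), i        # positive / negative fixint
    if b < 0xa0: return _cont(buf, i, b & 0x0f, b < 0x90)                      # fixmap / fixarray
    if b < 0xc0: n = b & 0x1f; return buf[i:i + n].decode(), i + n            # fixstr
    if b in (0xc0, 0xc2, 0xc3): return {0xc0: None, 0xc2: False, 0xc3: True}[b], i
    if 0xc4 <= b <= 0xc6 or 0xd9 <= b <= 0xdb:                                 # bin8/16/32, str8/16/32
        w = 1 << (b - (0xc4 if b <= 0xc6 else 0xd9)); n = int.from_bytes(buf[i:i + w], "big"); i += w
        return (bytes(buf[i:i + n]) if b <= 0xc6 else buf[i:i + n].decode()), i + n
    if b in (0xca, 0xcb):                                                      # float32 / float64
        w = 4 if b == 0xca else 8; return struct.unpack(">f" if w == 4 else ">d", buf[i:i + w])[0], i + w
    if 0xcc <= b <= 0xd3:                                                      # uint8..64 / int8..64
        w = 1 << ((b - 0xcc) & 3); return int.from_bytes(buf[i:i + w], "big", signed=b >= 0xd0), i + w
    if 0xdc <= b <= 0xdf:                                                      # array16/32, map16/32
        w = 2 if b in (0xdc, 0xde) else 4; return _cont(buf, i + w, int.from_bytes(buf[i:i + w], "big"), b >= 0xde)
    raise ValueError(f"unsupported msgpack type byte 0x{b:02x} at offset {i - 1}")

def _cont(buf, i, n, is_map):
    items = []
    for _ in range(n * 2 if is_map else n):
        v, i = _read(buf, i); items.append(v)
    return (dict(zip(items[::2], items[1::2])) if is_map else items), i

def _walk(node, path):
    if isinstance(node, dict):
        if node.get(b"nd") is True and node.get(b"type") == "|O":   # object array: data is an ndarray.dumps() pickle
            ops = {op.name for op, _, _ in pickletools.genops(node.get(b"data", b""))}
            yield path, "|O", bool(ops & RISKY_OPS)
        for k, v in node.items(): yield from _walk(v, f"{path}.{k!r}")
    elif isinstance(node, list):
        for idx, v in enumerate(node): yield from _walk(v, f"{path}[{idx}]")

def scan_msgpack_for_pickle(blob):
    """(path, dtype, calls_globals) for every object-dtype array msgpack-numpy's default decoder would unpickle."""
    doc, end = _read(blob, 0)
    if end != len(blob): raise ValueError("trailing bytes after msgpack document")
    return list(_walk(doc, "$"))

# Constructed sample: msgpack-numpy's map layout for np.array([...], dtype='O'); data is a harmless pickle of 1j.
def pack_bin8(b): return bytes([0xc4, len(b)]) + b                      # msgpack bin8 (payloads < 256 bytes)
SAMPLE = (b"\x81" + pack_bin8(b"weights") + b"\x85" + pack_bin8(b"nd") + b"\xc3"
          + pack_bin8(b"type") + b"\xa2|O" + pack_bin8(b"kind") + pack_bin8(b"")
          + pack_bin8(b"shape") + b"\x91\x02" + pack_bin8(b"data") + pack_bin8(pickle.dumps(1j, 2)))
```

Anything the reader does not understand (ext types, truncated input, trailing bytes, a data blob that is not valid pickle) raises, so a deployment should record an exception as a failed scan rather than a clean result.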
Files
malicious_model.msgpack — Malicious model file with embedded pickle payload
poc.py — Full PoC script that creates the model, scans it, and demonstrates code execution
Usage
pip install msgpack msgpack-numpy modelscan
python poc.py
Disclaimer
This PoC is for authorized security research only. The payload writes a harmless sentinel file to /tmp/.