
⚠️ Security PoC — do NOT load outside a sandbox

This repository is a proof-of-concept for a huntr Model File Vulnerability (MFV) submission, not a real model.

evil_model.joblib is a crafted .joblib file demonstrating a scanner-evasion issue: it achieves arbitrary code execution on joblib.load() while picklescan and modelscan report it as clean. The technique is a pickletools.genops desync caused by a NumPy array's inline raw data bytes (see the linked huntr report for full detail).

Payload is harmless

The embedded __reduce__ runs only:

id > /tmp/JOBLIB_PWNED; echo 'ACE via joblib.load' >> /tmp/JOBLIB_PWNED

i.e. it writes a marker file to /tmp. It does not exfiltrate data, modify existing files, open network connections, or cause damage. It exists solely to prove code execution for triage.

Verify (in a disposable sandbox/container only)

import joblib
joblib.load("evil_model.joblib")   # writes /tmp/JOBLIB_PWNED
# meanwhile:  picklescan -p evil_model.joblib  ->  "Infected files: 0"
#             modelscan  -p evil_model.joblib  ->  "No issues found! 🎉"
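Added example (not part of this repository or the huntr report): because a static scanner that walks the opcode stream with pickletools.genops can be desynced by inline raw bytes, a loader-side allowlist enforced inside the real unpickler's find_class is the check that follows the same stream the loader executes. The allowlist contents and the two sample streams below are constructed for illustration; for real .joblib files the same override would be applied to joblib.numpy_pickle.NumpyUnpickler, which knows how to consume the inline array data.

```python
import io
import pickle

# Globals a loader is willing to resolve.  Constructed for this example; a real
# deployment lists exactly the numpy/sklearn/joblib classes its models need and
# nothing whose construction has side effects.
ALLOWED_GLOBALS = {
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
    ("joblib.numpy_pickle", "NumpyArrayWrapper"),
}

class RestrictedUnpickler(pickle.Unpickler):
    """pickle.Unpickler whose find_class consults an allowlist.

    The check runs inside the real unpickler, so it consumes exactly the byte
    stream the loader would execute; an external pickletools.genops walk that
    loses sync on inline raw bytes has no bearing on it.  (For actual joblib
    files, apply the same override to joblib.numpy_pickle.NumpyUnpickler.)
    """
    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = allowed
        self.seen = []  # every (module, name) the stream asked for, in order

    def find_class(self, module, name):
        self.seen.append((module, name))
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def classify_pickle(data, allowed=ALLOWED_GLOBALS):
    """Return ('clean', seen) or ('blocked', seen); unapproved globals never resolve."""
    up = RestrictedUnpickler(io.BytesIO(data), allowed)
    try:
        up.load()
        return "clean", up.seen
    except pickle.UnpicklingError:
        return "blocked", up.seen

# Constructed samples: a plain data pickle, and a protocol-0 stream that does
# GLOBAL os.getcwd / MARK TUPLE / REDUCE / STOP, i.e. the call-a-callable
# shape a __reduce__ payload produces, here with a harmless callable.
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, 0.2, 0.3]}, protocol=4)
REDUCE_PICKLE = b"cos\ngetcwd\n(tR."

if __name__ == "__main__":
    print(classify_pickle(BENIGN_PICKLE))   # ('clean', [])
    print(classify_pickle(REDUCE_PICKLE))   # ('blocked', [('os', 'getcwd')])
```

Anything the allowlist admits is still called by REDUCE, so the list must hold only classes whose construction is side-effect free, and the load itself still belongs in the disposable sandbox the card describes.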

File integrity: sha256(evil_model.joblib) = dd6d22921e7b27b68d0522717ed2426bf0e17f3a0e3ad657df0e9d3674d30de4

This repo will be deleted after triage.
