Flax/orbax Dtype Injection PoC

Vulnerability

_dtype_from_name() in both Flax and orbax passes untrusted dtype names from msgpack checkpoint data directly to np.dtype() without validation.

Reproduction

python poc_dtype_injection.py
# Output: BUG TRIGGERED: cannot create an OBJECT array from memory buffer

Impact

DoS via crash when loading malicious Flax/orbax checkpoints.
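
One way to close this gap is to check the dtype name against an allowlist before it reaches np.dtype(). The code below is an added example, not code from Flax, orbax or the PoC. The function names and the (shape, dtype name, raw buffer) header layout are assumptions made for illustration.

```python
import math

# Allowlist: dtype name -> item size in bytes. Everything else (object, void,
# structured, string and datetime specs) is refused before NumPy sees it.
ALLOWED_DTYPES = {
    "bool": 1, "int8": 1, "uint8": 1, "int16": 2, "uint16": 2,
    "int32": 4, "uint32": 4, "int64": 8, "uint64": 8,
    "float16": 2, "float32": 4, "float64": 8, "complex64": 8, "complex128": 16,
}

class CheckpointFormatError(ValueError):
    """Array header rejected by validation."""

def validate_array_header(shape, dtype_name, buffer):
    """Return (dtype_name, shape) for a well-formed header, else raise."""
    if isinstance(dtype_name, bytes):
        try:
            dtype_name = dtype_name.decode("ascii")
        except UnicodeDecodeError:
            raise CheckpointFormatError("dtype name is not ASCII") from None
    if not isinstance(dtype_name, str) or dtype_name not in ALLOWED_DTYPES:
        raise CheckpointFormatError(f"dtype not allowed: {dtype_name!r}")
    if not isinstance(shape, (list, tuple)) or not all(
            type(d) is int and d >= 0 for d in shape):
        raise CheckpointFormatError(f"bad shape: {shape!r}")
    # The buffer must hold exactly the bytes the header promises.
    expected = math.prod(shape) * ALLOWED_DTYPES[dtype_name]
    if len(buffer) != expected:
        raise CheckpointFormatError(
            f"buffer has {len(buffer)} bytes, header implies {expected}")
    return dtype_name, tuple(shape)

def safe_ndarray_from_parts(shape, dtype_name, buffer):
    """Validate, then pass only an allowlisted name to np.dtype()."""
    import numpy as np  # local import: validation itself needs no NumPy
    name, dims = validate_array_header(shape, dtype_name, buffer)
    return np.frombuffer(buffer, dtype=np.dtype(name)).reshape(dims)

if __name__ == "__main__":
    # Constructed headers: one benign, one naming a non-numeric dtype.
    for hdr in (([2], b"int32", bytes(8)), ([1], b"object", bytes(8))):
        try:
            print("accepted:", validate_array_header(*hdr))
        except CheckpointFormatError as exc:
            print("rejected:", exc)
```

Extend the allowlist only with the numeric dtypes your checkpoints actually use, and treat CheckpointFormatError as a load failure for the whole file rather than skipping the array.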
