MFV PoC: logging.config._resolve Scanner Bypass
Malicious .joblib model file that achieves arbitrary code execution via the logging.config._resolve pickle gadget.
Scanner Results
- picklescan 1.0.4: CLEAN (0 dangerous globals)
- modelscan 0.8.8: CLEAN (no issues found)
Files
- malicious_system.joblib - 63-byte payload using os.system via _resolve
- build_payload.py - PoC builder script
Reproduction
```python
import joblib
joblib.load("malicious_system.joblib")  # Executes: touch /tmp/pwned
```
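Since both scanners report the file clean, a pre-load gate that allowlists globals catches what they miss: it rejects any import outside what the expected model type needs, logging.config._resolve included. The following is an added example, not part of the original PoC or of either scanner; `ALLOWED`, `referenced_globals` and `audit` are hypothetical names, the allowlist contents are illustrative, and the input is assumed to be an uncompressed pickle stream.

```python
import logging.config
import pickle
import pickletools

# Assumption: illustrative allowlist for a plain NumPy-backed model file.
# Replace with the exact (module, name) pairs your own artefacts need.
ALLOWED = {
    ("numpy.core.multiarray", "_reconstruct"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
}

def referenced_globals(data: bytes):
    """List (module, name) pairs a pickle stream imports, without loading it."""
    found, recent = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding string pushes.
            pair = recent[-2:]
            if len(pair) == 2 and all(isinstance(p, str) for p in pair):
                found.append(tuple(pair))
            else:
                found.append(("<unresolved>", "<unresolved>"))  # fail closed
        if opcode.name != "MEMOIZE":
            recent.append(arg)
    return found

def audit(data: bytes, allowed=ALLOWED):
    """Return every referenced global that is not explicitly allowed."""
    return [g for g in referenced_globals(data) if g not in allowed]

# Constructed samples: each only *references* the function and never calls it.
SAMPLE_P2 = b"\x80\x02clogging.config\n_resolve\n."
SAMPLE_P4 = pickle.dumps(logging.config._resolve, protocol=4)
SAMPLE_BENIGN = pickle.dumps({"coef": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("p2", SAMPLE_P2), ("p4", SAMPLE_P4), ("benign", SAMPLE_BENIGN)]:
        print(label, audit(blob) or "OK")
```

Run `audit` on the file's raw bytes before any `joblib.load` call and refuse to load when it returns anything; compressed files or files with embedded array buffers need unwrapping first, which this block does not do.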