joblib-ACE / README.md

ModelScan Bypass — Arbitrary Code Execution via joblib Deserialization

Summary

This repository contains a proof-of-concept .joblib model file that achieves arbitrary code execution when loaded with joblib.load(), while evading ModelScan v0.8.8 detection entirely.

Reproduction

# Step 1: Scan the file (reports clean)
# pip install modelscan
# modelscan scan --path model.joblib

# Step 2: Load the file (executes code)
import joblib
joblib.load("model.joblib")

Files

  • model.joblib — Uncompressed joblib file (ACE + scanner bypass via denylist gap)
  • model_compressed.joblib — LZMA-compressed joblib file (ACE + scanner bypass via parsing failure)
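
The two bypass classes named above (a denylist gap and a parsing failure) share one root cause: the scanner reports "clean" whenever it does not positively recognise something bad. The sketch below is an added example, not code from this repository or from ModelScan. It contrasts that pattern with a fail-closed allowlist check over the imports a pickle stream declares. It assumes a plain pickle stream; both lists and all sample inputs are constructed for illustration.

```python
import collections
import lzma
import pickle
import pickletools

# Constructed lists for illustration; neither is ModelScan's real rule set.
DENYLIST = {("os", "system")}
ALLOWLIST = {("collections", "OrderedDict")}

def referenced_globals(data: bytes) -> set:
    """Statically list every (module, name) a raw pickle stream would import."""
    found, recent, end = set(), [], -1
    for op, arg, pos in pickletools.genops(data):
        end = pos
        if op.name == "MEMOIZE":
            continue  # does not change the stack
        if op.name == "GLOBAL":
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Trust only two string literals pushed directly before the opcode.
            found.add(tuple(recent[-2:]) if len(recent) >= 2 else ("?", "?"))
        recent = recent + [arg] if "UNICODE" in op.name else []
    if end + 1 != len(data):
        raise ValueError("trailing bytes after STOP")
    return found

def denylist_verdict(data: bytes) -> bool:
    """Weak pattern: 'clean' unless a known-bad import is positively seen."""
    try:
        return not (referenced_globals(data) & DENYLIST)
    except Exception:
        return True  # parse failure silently treated as nothing found

def allowlist_verdict(data: bytes) -> bool:
    """Fail closed: unparseable input or any unlisted import is rejected."""
    try:
        return referenced_globals(data) <= ALLOWLIST
    except Exception:
        return False

# Constructed, harmless inputs: print() stands in for any unlisted callable.
UNLISTED = pickle.dumps(print)
COMPRESSED = lzma.compress(UNLISTED)
BENIGN = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    for name in ("UNLISTED", "COMPRESSED", "BENIGN"):
        blob = globals()[name]
        print(name, "denylist:", denylist_verdict(blob), "allowlist:", allowlist_verdict(blob))
```

The strict operand tracking for STACK_GLOBAL will also reject some legitimate pickles that reuse memoized module names, which is the intended trade-off for a check that must never guess.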