Hugging Face's logo

wulonchia
/
picklescan-bypass-posixsubprocess-poc

Joblib
security-research
proof-of-concept
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

Picklescan Bypass PoC via _posixsubprocess.fork_exec

⚠️ SECURITY RESEARCH ONLY — This repository contains a proof-of-concept malicious .joblib file.

Purpose

This is a gated repository for responsible disclosure purposes. The file malicious_model.joblib demonstrates a bypass of picklescan (v1.0.4) using _posixsubprocess.fork_exec.

DO NOT LOAD THIS FILE

Loading malicious_model.joblib with joblib.load() will execute arbitrary commands on your system.

Vulnerability

  • Scanner: picklescan v1.0.4
  • Bypass: _posixsubprocess.fork_exec is not in the blocklist
  • Impact: Arbitrary code execution that evades automated security scanning
  • CWE: CWE-502 (Deserialization of Untrusted Data)

Disclosure

This PoC is part of a responsible disclosure report submitted via Huntr.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support