ykilcher
/

totally-harmless-model

Feature Extraction

Model card Files Files and versions

fix: convert pytorch_model.bin to safetensors (RCE vulnerability)

#3

by abdellahennajari - opened 22 days ago

abdellahennajari

Vulnerability Found

pytorch_model.bin contains a CRITICAL RCE vulnerability:

Unsafe eval from builtin in Pickle payload
Anyone running torch.load() executes arbitrary code

Fix

Extracted 100 tensors with a custom SafeUnpickler
Converted to safetensors format (safe by design)
Verified clean with modelscan

Fork with fix: abdellahennajari/totally-harmless-model (branch: fix/convert-to-safetensors)

Upload images, audio, and videos by dragging in the text input, pasting, or clicking here.

Tap or paste here to upload images

· Sign up or log in to comment