You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

F005 Path Traversal Evidence Pack

Finding: F005 Title: Path traversal in joblib memmapping context_id escapes temp folder and normal cleanup deletes outside directory Date UTC: 2026-05-01T10:23:38+00:00

Primary confirmed facts:

joblib 1.5.3 accepts context_id='../../../victim' through get_memmapping_executor.
The registered and resolved temp folder path escapes the configured safe_root.
After set_current_context(payload), memmapping writes .pkl files into the escaped victim directory.
terminate(kill_workers=True) deletes the escaped victim directory in the lifecycle matrix.
Normal interpreter shutdown / atexit also deletes the escaped victim directory.
The live target health endpoint confirmed Python 3.10.20, joblib 1.5.3, and NumPy 2.2.6.

Important limits:

This is a local/library API primitive unless a service exposes context_id remotely.
This evidence does not claim successful HTTP exploitation through ts.01data.ai routes.
Impact is within the filesystem permissions of the running process.

Key evidence:

evidence/07_f005_exhaust_lifecycle_matrix_output.txt
evidence/08_f005_decisive_lifecycle_verdicts.txt
evidence/09_f005_lifecycle_tail_excerpt.txt
evidence/03_f005_real_get_memmapping_executor_output.txt
evidence/05_f005_real_executor_manager_cleanup_output.txt
source/SOURCE_REFERENCES.md
raw_http/01_live_health.txt

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support