YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
PyTorch legacy zip fallback Zip Slip PoC
This repository contains a single-member zip (malicious.zip) whose member filename is ../pwned_by_zip_slip.txt.
When processed via PyTorch torch.hub.load_state_dict_from_url() legacy-zip fallback (torch/hub.py::_legacy_zip_load()), the call to ZipFile.extractall(model_dir) can write outside model_dir.
malicious.zipโ PoC archivepoc.pyโ generator script
Relevant code (PyTorch master):
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support