joblib - Model Format Vulnerability PoC Bundle
This repository contains proof-of-concept .joblib files and reproduction
scripts for six model format vulnerabilities discovered in joblib 1.6.dev0
(HEAD 487ae2dcc6fd31208ba98ca467ccc9764fd6f320).
Each subfolder is a self-contained PoC for one vulnerability, with:
- poc.joblib - the malicious model file
- reproduce.py - script that loads the file and demonstrates impact
- README.md - vulnerability summary, severity, suggested fix
Findings
| ID | Severity | Title |
|---|---|---|
| F1 | HIGH | Arbitrary Code Execution via joblib.load() on a malicious .joblib file (with scanner-bypass angle) |
| F2 | LOW | Denial of Service via attacker-controlled bufsize in read_zfile |
| F6 | LOW | Silent data truncation under python -O in read_zfile |
| F19 | LOW | Denial of Service via RecursionError in joblib.hash() |
| F22 | LOW | Denial of Service via ZeroDivisionError in NumpyArrayWrapper.read_array |
| F27 | MEDIUM | Silent data truncation in BinaryGzipFile / BinaryZlibFile |
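F1 is the finding that matters most for anyone consuming third-party model files: a .joblib file is a pickle stream, and unpickling resolves and calls whatever importable names the stream asks for. A defensive pre-check is to walk the opcode stream with the standard library's pickletools and fail closed on any name resolution that is not on an allowlist, before the bytes ever reach joblib.load() or pickle.load(). The block below is an added example for this README, not code from the PoC bundle or from joblib. ALLOWED_GLOBALS and the sample inputs are constructed for illustration; joblib files may additionally be wrapped in its zlib/gzip containers or carry raw NumPy array bytes alongside the pickle stream, so a production check would need to unwrap those first. This example covers the plain pickle stream only.

```python
"""Opcode-level pre-check for pickle-based model files.

Added example for the README above; not part of the PoC bundle or of joblib.
It walks the pickle opcode stream with pickletools and rejects any opcode
that resolves an importable name unless that name is allowlisted, so that
pickle.loads() is only reached for plain-data streams.
"""
import io
import pickle
import pickletools
from collections import Counter, OrderedDict

# Globals a plain-data file is allowed to reference (assumed allowlist;
# tighten it for your own deployment).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string; STACK_GLOBAL consumes two of them.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Memo bookkeeping opcodes; they do not change what is on the stack.
MEMO_OPCODES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def scan_pickle(data: bytes, allowed=ALLOWED_GLOBALS) -> list[str]:
    """Return one finding per name resolution that is not allowlisted.

    An empty list means the stream contains only data-construction opcodes
    plus allowlisted globals. Anything the scanner cannot resolve statically
    (for example STACK_GLOBAL operands fetched back from the memo) is reported
    as well, so the check errs on the side of rejecting.
    """
    findings = []
    recent = []  # last two non-memo opcodes as (name, arg)
    for opcode, arg, pos in pickletools.genops(io.BytesIO(data)):
        name = opcode.name
        if name in MEMO_OPCODES:
            continue
        if name in ("GLOBAL", "INST"):
            # pickletools renders the operand as "module qualname".
            module, qualname = arg.split(" ", 1)
            if (module, qualname) not in allowed:
                findings.append(f"offset {pos}: {name} {module}.{qualname} is not allowlisted")
        elif name == "STACK_GLOBAL":
            resolvable = (len(recent) == 2
                          and all(n in STRING_OPCODES for n, _ in recent))
            if not (resolvable and (recent[0][1], recent[1][1]) in allowed):
                shown = ".".join(str(a) for n, a in recent if n in STRING_OPCODES) or "<unresolved>"
                findings.append(f"offset {pos}: STACK_GLOBAL {shown} is not allowlisted")
        elif name in ("OBJ", "EXT1", "EXT2", "EXT4"):
            # OBJ takes its class from the stack; EXT* go through the copyreg
            # extension registry. Neither can be verified from the stream alone.
            findings.append(f"offset {pos}: {name} resolves a callable the scanner cannot verify")
        recent = (recent + [(name, arg)])[-2:]
    return findings


def safe_loads(data: bytes):
    """Unpickle only after the opcode scan comes back clean."""
    findings = scan_pickle(data)
    if findings:
        raise ValueError("refusing to unpickle: " + "; ".join(findings))
    return pickle.loads(data)


# Constructed sample inputs: a plain-data payload, an allowlisted global, and
# a harmless but non-allowlisted global (collections.Counter).
SAMPLES = {
    "plain": pickle.dumps({"weights": [0.1, 0.2], "name": "m"}),
    "allowed": pickle.dumps(OrderedDict(a=1)),
    "not_allowed": pickle.dumps(Counter()),
}


def demo() -> dict:
    """Scan each constructed sample and return its findings by label."""
    return {label: scan_pickle(data) for label, data in SAMPLES.items()}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "clean")
```

The scanner deliberately treats an unresolvable STACK_GLOBAL (operands that came from the memo rather than from literal string pushes) as a finding rather than guessing; a reject-by-default policy is the only safe one for a format where a single resolved name is enough to run code.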
How to reproduce
For each PoC:
```sh
pip install joblib==1.6.dev0
cd <FINDING>
python3 reproduce.py
```
For F6, run additionally:
```sh
python3 -O reproduce.py
```
Environment
- joblib 1.6.dev0 commit 487ae2dcc6fd31208ba98ca467ccc9764fd6f320
- Python 3.x (any 3.9+)
- numpy 1.x or 2.x
Author
Audit performed as part of TensorSLC security research; submitted to huntr's Model Format Vulnerability bug bounty program.