Joblib RCE via Pickle Deserialization
Vulnerability
joblib.load() deserializes Python objects using pickle internally, allowing arbitrary code execution when loading a malicious .joblib file.
Reproduction
pip install joblib
python3 poc.py
Impact
Any application that loads untrusted .joblib files (ML pipelines, model hubs) is vulnerable to RCE.
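Because the whole problem is that pickle's GLOBAL/STACK_GLOBAL opcodes let a stream import any callable and REDUCE lets it call one, the defender's options are to inspect the opcode stream before loading and to refuse every import that is not on an allow-list. The code below is an added example written for this page, not the repo's poc.py or joblib's own code. It uses only the standard library: pickletools.genops parses opcodes without executing them, and a pickle.Unpickler subclass with find_class overridden is the documented way to restrict globals. ALLOWED_GLOBALS is a placeholder allow-list (a real model loader would list the numpy/scikit-learn reconstruction entry points it needs), and the sample inputs are constructed here. Two assumptions about joblib: an uncompressed .joblib file without numpy arrays is a plain pickle stream this scanner can read as-is, but joblib interleaves raw array buffers into the file when arrays are present, so a scanner for those files must skip that data, and joblib's loader is built on an Unpickler subclass to which the same find_class restriction can be applied (not shown, since it depends on joblib internals).

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Placeholder allow-list: the only (module, name) pairs the loader may import.
# A real model loader would list the numpy / scikit-learn entry points it needs.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}

# GLOBAL, STACK_GLOBAL and INST make the unpickler import something; the call
# opcodes make it invoke something. Every other opcode only builds containers.
CALL_OPCODES = {"REDUCE", "BUILD", "NEWOBJ", "NEWOBJ_EX", "OBJ"}
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "BINSTRING", "SHORT_BINSTRING"}


def scan_pickle_stream(data: bytes) -> dict:
    """Statically inspect a pickle stream; nothing in it is imported or called.

    Returns the globals the stream would import and the positions of call
    opcodes. GLOBAL/INST carry "module name" in their argument; STACK_GLOBAL
    takes module and name from the two most recent string pushes, which is
    resolved best-effort here (strings fetched from the memo are not tracked,
    in which case the import is reported as unknown).
    """
    imports, calls, recent_strings = [], [], []
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPCODES:
            recent_strings = (recent_strings + [arg])[-2:]
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            imports.append((module, name, pos))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) == 2:
                imports.append((recent_strings[0], recent_strings[1], pos))
            else:
                imports.append(("?", "?", pos))
        elif op.name in CALL_OPCODES:
            calls.append((op.name, pos))
    return {"imports": imports, "calls": calls}


def disallowed_imports(data: bytes) -> list:
    """Imports requested by the stream that are not on the allow-list."""
    return [(m, n) for m, n, _ in scan_pickle_stream(data)["imports"]
            if (m, n) not in ALLOWED_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """Enforcement point: every import the stream requests passes through find_class."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def restricted_load(data: bytes):
    """Load through the restricted unpickler; raises UnpicklingError on a bad import."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load(data: bytes):
    """Static scan first, then restricted load. Returns (accepted, payload_or_reason)."""
    bad = disallowed_imports(data)
    if bad:
        return False, f"static scan found disallowed globals: {bad}"
    try:
        return True, restricted_load(data)
    except pickle.UnpicklingError as exc:
        return False, f"restricted unpickler: {exc}"


# Constructed inputs (not from the page). The OrderedDict is harmless, but it
# pickles as an import of collections.OrderedDict followed by REDUCE, the same
# opcode pattern an attacker-controlled stream relies on, so it exercises both
# the scanner (STACK_GLOBAL in protocol 4, GLOBAL in protocol 0) and the loader.
PLAIN_PARAMS = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3})
NEEDS_IMPORT = pickle.dumps(OrderedDict(a=1))
NEEDS_IMPORT_P0 = pickle.dumps(OrderedDict(a=1), protocol=0)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_PARAMS), ("ordereddict", NEEDS_IMPORT)):
        print(label, scan_pickle_stream(blob), safe_load(blob))
```

The scan is advisory (memo-fetched names are not resolved), so the RestrictedUnpickler is the layer that must never be bypassed: any loader that calls pickle.load or joblib.load directly on untrusted bytes, even after a scan, still runs whatever the stream imports.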