Security PoC — gated for review


This repository hosts a proof-of-concept malicious model checkpoint for a coordinated huntr.com vulnerability disclosure. Access is restricted to security reviewers.


detectron2 DetectionCheckpointer — pickle deserialization RCE (PoC)

Proof-of-concept for a coordinated huntr.com disclosure against facebookresearch/detectron2.

evil.pkl is a crafted detectron2 .pkl checkpoint. Loading it through the public API:

import torch
from detectron2.checkpoint import DetectionCheckpointer
DetectionCheckpointer(torch.nn.Module()).load("evil.pkl")   # or an http:// URL

triggers arbitrary OS command execution during pickle.load (detectron2/checkpoint/detection_checkpoint.py:73). The bundled payload is benign — it runs id and writes a marker to /tmp/detectron2_pwned.txt, nothing destructive.
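Added example, not part of this PoC repository or of detectron2: the defender-side triage one would run on any third-party .pkl checkpoint before handing it to DetectionCheckpointer, a pickletools opcode scan (no code executes) plus an allowlisting Unpickler. The allowlist, the sample pickles and the function names are constructed for the demo; a real allowlist must be built from the globals your own trusted checkpoints actually use.

```python
import collections
import datetime
import io
import pickle
import pickletools

# Opcodes that import names or run code during load; a plain weights dict needs none of them.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
# Assumed allowlist for this demo only. A real one lists exactly the globals your trusted
# checkpoints use (e.g. numpy array reconstruction helpers); scan_pickle() shows which.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

def scan_pickle(data):
    """Return [(opcode, detail), ...] for risky opcodes without executing the pickle."""
    findings, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        if op.name not in RISKY_OPS:
            continue
        detail = arg  # GLOBAL carries "module name" inline
        if op.name == "STACK_GLOBAL" and len(strings) >= 2:
            detail = f"{strings[-2]}.{strings[-1]}"  # best effort: the two strings pushed before
        findings.append((op.name, detail))
    return findings

class CheckpointUnpickler(pickle.Unpickler):
    """Refuses any global outside ALLOWED_GLOBALS (the restricted-unpickler pattern)."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def check(data):
    """Triage a checkpoint: ('loaded', obj) or ('rejected', reason with opcodes seen)."""
    try:
        return "loaded", CheckpointUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", f"{exc}; risky opcodes: {scan_pickle(data)}"

# Constructed samples, not the PoC file: a weights-style dict, an allowlisted global with
# REDUCE (the opcode shape a malicious checkpoint relies on), and a global not allowlisted.
BENIGN = pickle.dumps({"model": {"conv1.weight": [0.1, 0.2]}})
ALLOWED = pickle.dumps(collections.OrderedDict(a=1))
FOREIGN = pickle.dumps(datetime.timedelta)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("allowed", ALLOWED), ("foreign", FOREIGN)):
        print(label, scan_pickle(blob), check(blob)[0])
```

The scan alone is only triage: legitimate numpy-backed checkpoints also contain GLOBAL and REDUCE, so the allowlist is what actually decides, and a scan finding is the cue to inspect the named global rather than load the file.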

This repo is gated (manual approval) so the PoC file is not freely downloadable; access is granted to huntr's reviewer (protectai-bot).
