Security PoC — gated for review
This repository hosts a proof-of-concept malicious model checkpoint for a coordinated huntr.com vulnerability disclosure. Access is restricted to security reviewers.
detectron2 DetectionCheckpointer — pickle deserialization RCE (PoC)
Proof-of-concept for a coordinated huntr.com disclosure against
facebookresearch/detectron2.
evil.pkl is a crafted detectron2 .pkl checkpoint. Loading it through the
public API:
import torch
from detectron2.checkpoint import DetectionCheckpointer

# A .pkl path is handed straight to pickle.load, so the crafted payload runs
# during deserialization, before any weights are inspected.
DetectionCheckpointer(torch.nn.Module()).load("evil.pkl") # or an http:// URL
triggers arbitrary OS command execution during pickle.load
(detectron2/checkpoint/detection_checkpoint.py:73). The bundled payload is
benign — it runs id and writes a marker to /tmp/detectron2_pwned.txt,
nothing destructive.
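As an added defensive example (not part of this PoC and not detectron2 code), the check a loader can run on a .pkl checkpoint before and during unpickling: an opcode pre-scan with pickletools that lists every global the stream would import, plus a restricted Unpickler that refuses anything outside an allowlist. ALLOWED_GLOBALS, find_disallowed_globals, safe_loads and the two sample pickles are assumptions constructed here, not values from the disclosure.

```python
"""Opcode pre-scan plus restricted unpickler for pickle-based checkpoints.
Added example, not detectron2 code: ALLOWED_GLOBALS is an assumed allowlist
for a plain dict-of-arrays checkpoint and must be tuned to what you load."""
import io
import json
import pickle
import pickletools

# Globals a legitimate checkpoint may import (assumption: numpy reconstruction
# helpers and OrderedDict; never os, subprocess or builtins).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"), ("numpy", "ndarray"), ("numpy", "dtype"),
    ("numpy.core.multiarray", "_reconstruct"), ("numpy.core.multiarray", "scalar"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def find_disallowed_globals(data: bytes) -> list:
    """List every (module, name) the stream would import that is not
    allowlisted; pickletools.genops disassembles without executing anything."""
    findings, strings = [], []  # strings: candidate STACK_GLOBAL operands
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            continue
        if op.name == "GLOBAL":             # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL":     # protocol 4+: the two strings pushed before
            module, name = strings[-2:] if len(strings) >= 2 else ("?", "?")
        else:
            continue
        if (module, name) not in ALLOWED_GLOBALS:
            findings.append((module, name))
    return findings

class RestrictedUnpickler(pickle.Unpickler):
    """Load-time enforcement: refuse any import outside the allowlist."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")

def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

# Constructed samples: a benign checkpoint-like dict, and a pickle that only
# references a function (serialising one emits a global-import opcode; nothing
# runs on load, but a weights file has no reason to carry it).
BENIGN = pickle.dumps({"model": {"layer.weight": [0.1, 0.2]}}, protocol=2)
SUSPICIOUS = pickle.dumps(json.dumps, protocol=4)
```

The pre-scan is useful for gating files in CI or at download time; the Unpickler override is what actually stops an import when a file slips through.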
This repo is gated (manual approval) so the PoC file is not freely
downloadable; access is granted to huntr's reviewer (protectai-bot).