Huntr MFV PoC bundle: ModelScan v0.8.8 misses 6 dangerous pickle globals
Six pickle files. Each is flagged dangerous by picklescan v1.0.4 and reported as "No issues found!" by ModelScan v0.8.8. Loading any of them via `joblib.load` (or any pickle-based loader) runs attacker-controlled code or causes a side effect on disk or on the network.
DO NOT DOWNLOAD AND LOAD. The payloads are benign markers (`touch /tmp/mfv_bundle_*`); replacing them with something harmful is trivial.
Gated to protectai-bot for Huntr triage. See the Huntr report for full detail.
Files

| File | First GLOBAL opcode | Effect |
|---|---|---|
| `bundle_A_pkgutil_resolve_name.joblib` | `pkgutil.resolve_name` | `os.system` |
| `bundle_B_cProfile_run.joblib` | `cProfile.run` | `exec` |
| `bundle_B2_profile_run.joblib` | `profile.run` | `exec` |
| `bundle_C_pydoc_locate.joblib` | `pydoc.locate` | `os.system` |
| `bundle_D_urllib_request_urlopen.joblib` | `urllib.request.urlopen` | outbound HTTP |
| `bundle_E_logging_FileHandler.joblib` | `logging.FileHandler` | file create |
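The table's two columns suggest the pattern: the only GLOBAL a scanner sees names a stdlib helper, and the dangerous callable (the Effect column) is reached through the argument that helper receives, so an allowlist keyed on GLOBAL names has nothing to match. The following is an added example, not code from this bundle, ModelScan or picklescan: it walks a pickle stream with `pickletools.genops` (which parses opcodes and never imports or calls anything), collects every `GLOBAL` / `STACK_GLOBAL` reference, and flags the six names from the table. The denylist is just the page's six entries; that it is complete is not claimed. The sample pickles are constructed inline by pickling the six callables by reference, which emits exactly the opcode a loader would resolve and nothing else, and the example never loads them.

```python
"""Added example: list GLOBAL / STACK_GLOBAL references in a pickle without
unpickling it, and flag the six indirection globals from the table above.
Not part of this bundle, ModelScan or picklescan."""
import io
import logging
import pickle
import pickletools
import pkgutil
import pydoc
import urllib.request

# Denylist of the six globals this bundle abuses.  Assumption: only the page's
# list is encoded here; it is not claimed to be complete.
INDIRECTION_GLOBALS = {
    ("pkgutil", "resolve_name"),
    ("cProfile", "run"),
    ("profile", "run"),
    ("pydoc", "locate"),
    ("urllib.request", "urlopen"),
    ("logging", "FileHandler"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def extract_globals(data):
    """Return [(module, name), ...] for every GLOBAL / STACK_GLOBAL in data.

    GLOBAL carries "module name" inline.  STACK_GLOBAL takes module and name
    from the two most recent strings on the pickle stack; this approximates
    that stack by remembering pushed strings and the memo slots holding them,
    which is sufficient for streams written by pickle.dumps.
    """
    found = []
    recent = []      # string values pushed so far, newest last
    memo = {}        # memo slot -> string (non-string objects are not recorded)
    memo_next = 0    # MEMOIZE assigns slots sequentially, strings or not
    last = None      # value produced by the previous opcode, if it was a string
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPS:
            last = arg
            recent.append(arg)
        elif op.name in GET_OPS:
            last = memo.get(arg)
            if last is not None:
                recent.append(last)
        elif op.name in PUT_OPS:        # stores top of stack; value stays pushed
            if last is not None:
                memo[arg] = last
        elif op.name == "MEMOIZE":
            if last is not None:
                memo[memo_next] = last
            memo_next += 1
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
            last = None
        elif op.name == "STACK_GLOBAL":
            if len(recent) >= 2:
                found.append((recent[-2], recent[-1]))
            last = None
        else:
            last = None
    return found


def scan(data):
    """Denylisted globals referenced by data, in stream order."""
    return [g for g in extract_globals(data) if g in INDIRECTION_GLOBALS]


# Constructed samples.  Pickling a function or class by reference emits exactly
# the GLOBAL / STACK_GLOBAL opcode a loader would resolve, with no REDUCE after
# it, so even loading them would only import the module and return the callable
# uncalled.  Nothing below loads them anyway.
SAMPLES = {
    "clean": pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4),
    "pydoc_locate_p0": pickle.dumps(pydoc.locate, protocol=0),          # GLOBAL ('c')
    "filehandler_p2": pickle.dumps(logging.FileHandler, protocol=2),    # GLOBAL
    "urlopen_p3": pickle.dumps(urllib.request.urlopen, protocol=3),     # GLOBAL
    "resolve_name_p4": pickle.dumps(pkgutil.resolve_name, protocol=4),  # STACK_GLOBAL
    # The dotted string that resolve_name would turn into a callable travels as
    # plain data, so a scanner inspecting only GLOBAL opcodes never sees "os".
    "resolve_name_with_arg_p4": pickle.dumps((pkgutil.resolve_name, "os.system"),
                                             protocol=4),
}


def scan_samples():
    """Run scan() over every constructed sample; returns {name: [hits]}."""
    return {name: scan(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:26s} {'FLAGGED ' + str(hits) if hits else 'clean'}")
```

The opcode walk is the same approach picklescan takes (a denylist over resolved globals); what this adds is visibility into why a name-based allowlist fails for these six: the scanner sees `pkgutil.resolve_name`, never `os.system`, because the latter is a string argument rather than a GLOBAL. Any scanner that allowlists globals must treat every callable that resolves or executes its arguments as hostile.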
Verify (one container)
```sh
docker run --rm -it python:3.11-slim sh -c '
pip install --no-cache-dir joblib==1.5.3 picklescan==1.0.4 modelscan==0.8.8 &&
mkdir -p /tmp/poc && cd /tmp/poc &&
# download all six (use HF git or huggingface_hub.snapshot_download)
# then for each:
for f in bundle_*.joblib; do
  echo "=== $f ==="
  modelscan -p "$f" 2>&1 | grep -E "No issues|CRITICAL|HIGH"
  picklescan -p "$f" 2>&1 | grep -E "dangerous|FOUND"
done
'
```

Expected: for every file, ModelScan prints "No issues found!" and picklescan prints "FOUND".