You need to agree to share your contact information to access this model
This repository is publicly accessible, but you have to accept the conditions to access its files and content.
This repository contains a MALICIOUS proof-of-concept model file created for a huntr Model File Vulnerability (MFV) report. Do NOT load it with an untrusted or production JVM. Access is restricted to the reporter and huntr triage.
Log in or Sign Up to review the conditions and access this model content.
Encog SerializeObject.load β unfiltered Java deserialization β RCE (huntr MFV PoC)
β οΈ MALICIOUS SECURITY PROOF-OF-CONCEPT β DO NOT LOAD OUTSIDE AN ISOLATED SANDBOX.
This gated repository hosts the PoC model file for a huntr Model File Vulnerability report against
org.encog:encog-core v3.4.
Vulnerability
org.encog.util.obj.SerializeObject.load(File) reads a model file with a bare
ObjectInputStream.readObject() β no ObjectInputFilter, no allowlist, no resolveClass override.
Loading an attacker-supplied serialized "model" file triggers unauthenticated RCE during
deserialization (same class as DL4J ModelSerializer).
Files
evil-encog-model-urldns.serβ self-contained URLDNS payload (311 bytes). Serialized stream contains only JDK classes (java.util.HashMap+java.net.URL); no custom classes required to reproduce. Deserializing it (e.g. viaSerializeObject.load) performs an observable DNS lookup to an attacker-controlled host, proving attacker-controlled bytes drive outbound activity insidereadObject()before any type check.
Reproduce (pure JDK, zero compilation of custom classes)
// Any loader that calls ObjectInputStream.readObject() on the file triggers it, e.g. Encog's API:
org.encog.util.obj.SerializeObject.load(new File("evil-encog-model-urldns.ser"));
// -> DNS query to the host baked into the payload
To point the callback at your own collaborator, rebuild with the BuildUrldns.java builder included
in the huntr report attachments.
See the huntr report for full details, impact, and remediation.