Joblib Pickle RCE PoC
Vulnerability: CWE-502 Pickle Deserialization RCE via dtype=object array in .joblib file format
CVSS: 9.0 Critical (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Affected: joblib <= 1.5.x (all versions)
File: joblib/numpy_pickle.py line 175
Reported via: huntr.com bug bounty
Quick Start
```bash
# DEMO — benign payload (writes to /tmp only)
python3 poc_joblib_pickle_rce.py --test
# Verify vulnerability in current source
python3 poc_joblib_pickle_rce.py --verify
```
Vulnerable Code
```python
# joblib/numpy_pickle.py lines 173-175
if self.dtype.hasobject:
    # The array contained Python objects. We need to unpickle the data.
    array = pickle.load(unpickler.file_handle)  # <- VULNERABLE
```
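The quoted line hands the file to the stdlib `pickle.load`, which imports and calls whatever globals the stream names. The check below is an added example (not the PoC's code and not part of joblib): it enumerates those globals statically with `pickletools` and then loads only through an unpickler that refuses anything outside an allowlist. It assumes you have the embedded object-array pickle stream as bytes; it does not parse the surrounding joblib container, and the numpy allowlist entries are an illustrative assumption to be verified against your own trusted files.

```python
import io
import pickle
import pickletools
import posixpath

# Illustrative allowlist (assumption, not joblib's own): globals a plain numpy array pickle imports. Extend only after inspecting trusted files with referenced_globals().
ALLOWED_GLOBALS = frozenset({("numpy", "ndarray"), ("numpy", "dtype"),
    ("numpy.core.multiarray", "_reconstruct"), ("numpy._core.multiarray", "_reconstruct")})
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"}

def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Walk the opcodes (nothing is executed) and collect every (module, name) the stream would import."""
    found, strings, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)                # protocol >= 4 pushes module and name as strings
        elif op.name == "MEMOIZE":
            memo[len(memo)] = strings[-1] if strings else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = strings[-1] if strings else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.append(memo.get(arg))      # a memoised module name reused later
        elif op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))  # protocol <= 3: pickletools renders "module name"
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found

def disallowed_globals(data: bytes) -> list[tuple[str, str]]:
    """Imports the stream would perform that are not allowlisted; empty means the static check passed."""
    return [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]

class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence at load time: refuse any import outside the allowlist."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data: bytes):
    bad = disallowed_globals(data)
    if bad:
        raise pickle.UnpicklingError(f"untrusted globals in stream: {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()

# Constructed samples: plain data, and a stream that only references a harmless stdlib function (standing in for any stream that imports code when loaded).
BENIGN_STREAM = pickle.dumps({"weights": [1.0, 2.0]}, protocol=5)
UNTRUSTED_STREAM = pickle.dumps(posixpath.join, protocol=5)     # STACK_GLOBAL form
UNTRUSTED_STREAM_P2 = pickle.dumps(posixpath.join, protocol=2)  # GLOBAL form
```

Run `referenced_globals()` over files you already trust before tightening the allowlist; anything it reports that you did not expect is worth a look before `joblib.load()` ever sees the file.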
Impact
A 597-byte malicious .joblib file on HuggingFace Hub triggers RCE on joblib.load().
Responsible Disclosure
Reported via huntr.com Model File Format bug bounty.