#huggingface #pickle #exploit
Did you know that something as simple as loading a model can execute arbitrary code on your machine?
Try the model:
Get the code:
Sponsor: Weights & Biases
Go here:
OUTLINE:
0:00 – Introduction
1:10 – Sponsor: Weights & Biases
3:20 – How Hugging Face models are loaded
5:30 – From PyTorch to pickle
7:10 – Understanding how pickle saves data
13:00 – Executing arbitrary code
15:05 – The final code
17:25 – How can you protect yourself?
If you want to support me, the best thing to do is to share out the content 🙂
If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this):
SubscribeStar:
Patreon:
Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq
Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2
Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m
Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n