WolfpackArmy
/

pmml-xxe-dos-poc

Model card Files Files and versions

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

PMML Model File Vulnerability PoC

Vulnerability

XXE (External Entity Injection), Billion Laughs XML Bomb, and Field Explosion in PMML model files

Files

poc_billion_laughs.pmml — 929 bytes, XML entity expansion to ~3GB (Billion Laughs attack)
poc_xxe.pmml — 539 bytes, reads /etc/passwd via XML external entity
poc_many_fields.pmml — 739KB, 10,000 DataField elements causing parser exhaustion
benign.pmml — Clean PMML for comparison

Reproduce

from lxml import etree
tree = etree.parse('poc_billion_laughs.pmml')  # Expands to ~3GB, OOM

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support