
TensorFlow.js Model File Vulnerability PoC

Vulnerability

Prototype Pollution, Path Traversal, and OOM in TensorFlow.js model files

Files

  • poc_prototype_pollution.json - proto keys in model config for JS prototype pollution
  • poc_path_traversal.json - weight paths with ../../ traversal to read arbitrary files
  • poc_oom_weights.json - 10 tensors claiming [100K, 100K] float32 each = 400GB total
  • benign_model.json - clean model for comparison

Reproduce

const tf = require('@tensorflow/tfjs-node');

// tfjs-node registers the file:// handler; top-level await is not
// available in a CommonJS script, so the loads are wrapped in an async IIFE.
(async () => {
  // Prototype pollution:
  const model = await tf.loadLayersModel('file://./poc_prototype_pollution.json');
  // Path traversal:
  const model2 = await tf.loadLayersModel('file://./poc_path_traversal.json');
})();