fix: convert pytorch_model.bin to safetensors (RCE vulnerability)
#3
by abdellahennajari - opened
Vulnerability Found
pytorch_model.bin contains a CRITICAL RCE vulnerability:
- Unsafe eval from builtin in Pickle payload
- Anyone running torch.load() executes arbitrary code
Fix
- Extracted 100 tensors with a custom SafeUnpickler
- Converted to safetensors format (safe by design)
- Verified clean with modelscan
Fork with fix: abdellahennajari/totally-harmless-model (branch: fix/convert-to-safetensors)
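Added example, not code from the PR or from the model repo: a self-contained Python sketch of the three steps the post describes. It builds a constructed toy checkpoint (two float32 tensors stored as dtype, shape and raw bytes, plus a pickle bomb whose `__reduce__` calls `builtins.eval` on harmless arithmetic), scans the opcode stream for the globals the pickle would import (a stand-in for the modelscan check, not modelscan's own logic), extracts the tensors with a `SafeUnpickler` whose allow-list holds only `collections.OrderedDict`, and re-emits them in the safetensors layout with a bounds-checking reader. The names `build_state_dict`, `build_trojaned_bin`, `pickle_globals`, `convert` and the allow-list contents are assumptions of this example; a real `pytorch_model.bin` is a zip of `data.pkl` plus storage files and its allow-list must also carry torch's own rebuild and storage globals, which is what `torch.load(weights_only=True)` does.

```python
import io
import json
import math
import pickle
import pickletools
import struct
from collections import OrderedDict

DTYPE_SIZE = {"F32": 4, "F16": 2, "BF16": 2, "I64": 8}  # bytes per element

class EvalPayload:
    # Constructed pickle bomb: pickled as builtins.eval("6 * 7"), which runs on
    # load. A real one would call os.system or similar instead of arithmetic.
    def __reduce__(self):
        return (eval, ("6 * 7",))

def build_state_dict():
    # Constructed toy checkpoint: name -> (safetensors dtype, shape, LE bytes)
    return OrderedDict([
        ("fc.weight", ("F32", (2, 2), struct.pack("<4f", 0.5, -1.0, 2.0, 0.25))),
        ("fc.bias", ("F32", (2,), struct.pack("<2f", 0.1, 0.2))),
    ])

def build_clean_bin():
    return pickle.dumps(build_state_dict(), protocol=4)

def build_trojaned_bin():
    sd = build_state_dict()
    sd["fc.extra"] = EvalPayload()  # payload rides alongside real weights
    return pickle.dumps(sd, protocol=4)

class SafeUnpickler(pickle.Unpickler):
    # Resolves only allow-listed globals; a real pytorch_model.bin also needs
    # torch's rebuild/storage globals listed (torch.load(weights_only=True) does this).
    ALLOWED = {("collections", "OrderedDict")}
    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")

def safe_load(blob):
    return SafeUnpickler(io.BytesIO(blob)).load()

def refuses(blob):
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False

def to_safetensors(state_dict):
    # u64 LE header length, JSON header space-padded to 8 bytes, raw tensor bytes.
    header, data = {}, bytearray()
    for name, (dtype, shape, raw) in state_dict.items():
        if len(raw) != DTYPE_SIZE[dtype] * math.prod(shape):
            raise ValueError(f"{name}: byte length does not match dtype*shape")
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [len(data), len(data) + len(raw)]}
        data += raw
    hdr = json.dumps(header, separators=(",", ":")).encode()
    hdr += b" " * (-len(hdr) % 8)
    return struct.pack("<Q", len(hdr)) + hdr + bytes(data)

def load_safetensors(blob):
    # JSON plus bounds-checked slicing: nothing in the format can execute.
    (n,) = struct.unpack("<Q", blob[:8])
    if 8 + n > len(blob):
        raise ValueError("header length exceeds file size")
    header, data, out = json.loads(blob[8:8 + n]), blob[8 + n:], OrderedDict()
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        expected = DTYPE_SIZE[meta["dtype"]] * math.prod(meta["shape"])
        if not (0 <= start <= end <= len(data)) or end - start != expected:
            raise ValueError(f"{name}: bad data_offsets {start}:{end}")
        out[name] = (meta["dtype"], tuple(meta["shape"]), bytes(data[start:end]))
    return out

def convert(blob):
    return to_safetensors(safe_load(blob))  # the PR's extract-then-convert step

def pickle_globals(blob):
    # Mini modelscan: globals the pickle would import, read from the opcode stream
    # without loading it. Covers standard-pickler output; SafeUnpickler is the gate.
    found, strings, memo = [], [], {}
    for op, arg, _ in pickletools.genops(blob):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = strings[-1] if strings else None
        elif op.name in ("BINGET", "LONG_BINGET"):
            strings.append(memo.get(arg))
        elif op.name == "GLOBAL":          # protocol < 4: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module, name on stack
            found.append((strings[-2], strings[-1]))
    return found
```

`pickle_globals(build_trojaned_bin())` reports `("builtins", "eval")` next to the expected `("collections", "OrderedDict")`, which is the same class of finding the post quotes; `refuses()` shows the allow-listed unpickler stops at that global instead of importing it, and `load_safetensors(convert(build_clean_bin()))` gives back the original tensors through a parser that only does JSON and slicing. The opcode scanner is deliberately simple: a hand-crafted stream can hide module names from it, so treat it as triage and let the allow-list be the control.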