Description
Hi, @mazpie, I'd like to report that a potentially risky pretrained model is being used in this project, which may pose deserialization threats. Please check the following code example:
• demo/t2v.py

```python
import os

import torch
from huggingface_hub import hf_hub_download


def download_model(self, model_folder, model_filename):
    REPO_ID = 'mazpie/genrl_models'
    filename_list = [model_filename]
    if not os.path.exists(model_folder):
        os.makedirs(model_folder)
    for filename in filename_list:
        local_file = os.path.join(model_folder, filename)
        if not os.path.exists(local_file):
            hf_hub_download(repo_id=REPO_ID, filename=filename, local_dir=model_folder, local_dir_use_symlinks=False)


class Text2Video():
    ···
        if not os.path.isfile(os.path.join(model_folder, model_filename)):
            self.download_model(model_folder, model_filename)
        # the checkpoint is deserialized with the default (unrestricted) torch.load
        self.agent = torch.load(os.path.join(model_folder, model_filename))
```
Issue Description
As shown above, in the demo/t2v.py file, the model "mazpie/genrl_models" is downloaded and loaded by the torch.load method.
This model has been flagged as risky on the HuggingFace platform. Specifically, its genrl_cheetah_500k_2.pt and genrl_kitchen_500k_0.pt files, and three other files, are marked as malicious and may trigger deserialization threats. Once the model is loaded, the vulnerability could be activated.
Related Risk Reports: mazpie/genrl_models
Suggested Repair Methods
- Upgrade torch to a version above 2.6.0, and you will find that this dangerous loading has been prohibited
- Convert the model to the safer safetensors format and re-upload
- Check the model file carefully. If no issues are found, report the false threat to the scanning platform
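As an added illustration (not part of this issue or of the project's code), the check below inspects a checkpoint's pickle streams without executing them and lists the globals they would import, which is the idea behind restricted loading such as torch.load(weights_only=True). The allowlist, the archive entry name and the sample checkpoint are assumptions constructed for the example.

```python
import datetime, io, pickle, pickletools, zipfile

# Assumed allowlist for this example (not torch's own list): the globals a
# plain tensor checkpoint needs; extend it for your own checkpoints.
SAFE_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
    "torch.LongStorage",
}

def pickle_globals(data: bytes) -> list[str]:
    """Return every 'module.name' the pickle stream would import.
    pickletools.genops only disassembles opcodes, so nothing is executed."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(".".join(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name are the
            if len(strings) >= 2:          # two strings pushed just before it
                found.append(f"{strings[-2]}.{strings[-1]}")
            strings.clear()
        elif op.name in {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}:
            strings.append(arg)
    return found

def suspicious_globals(checkpoint: bytes) -> list[str]:
    """Scan a checkpoint (torch-style zip holding *.pkl entries, or a bare
    pickle) and return the referenced globals that are not allowlisted."""
    buf = io.BytesIO(checkpoint)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        streams = [checkpoint]
    return sorted({g for s in streams for g in pickle_globals(s)
                   if g not in SAFE_GLOBALS})

def sample_checkpoint() -> bytes:
    """Constructed sample: a checkpoint-shaped zip whose pickle references a
    global outside the allowlist (datetime.date, a harmless stand-in)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(datetime.date(2024, 1, 1)))
    return out.getvalue()

if __name__ == "__main__":
    print(suspicious_globals(sample_checkpoint()))  # ['datetime.date']
```

A non-empty result means the file should be converted to safetensors or loaded only with a restricted unpickler; on torch 2.6+ the restriction is the default, on older versions pass weights_only=True explicitly.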
As one of the popular machine learning projects (stars: 78), every potential risk could be propagated and amplified. Could you please address the above issues?
Thanks for your help~
Best regards,
Sliverhand