Describe the bug
Reporting a security vulnerability in ModelScan through private disclosure, in accordance with the repository's SECURITY.md.
Technical details are intentionally withheld from this public issue and will be provided privately to security@protectai.com.
To Reproduce
Withheld from this public issue. Full reproduction steps, scanner output, a self-contained generator, and a proof-of-concept model file will be provided privately.
Expected behavior
ModelScan should identify unsafe executable content embedded in a supported model format rather than reporting the model as containing no issues.
Further details are included in the private report.
Screenshots
N/A
Environment (please complete the following information):
OS: Windows — local validation environment
ModelScan version: 0.8.8
ML framework version: Keras 3.14.1
Model serialization format: Keras Native (.keras)
Additional context
GitHub handle: anandppatil4383
A private report referencing this issue has been sent to security@protectai.com.
Proof-of-concept material will not be published while coordinated disclosure is in progress.