Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is SavedModel format secure from remote code execution (RCE) #256

Open
rsrinivasanhome opened this issue Feb 17, 2025 · 0 comments
Open

Is SavedModel format secure from remote code execution (RCE) #256

rsrinivasanhome opened this issue Feb 17, 2025 · 0 comments
Labels
bug Something isn't working documentation Improvements or additions to documentation

Comments

@rsrinivasanhome
Copy link

Describe the issue
In the below documentation - https://github.com/protectai/modelscan/blob/main/docs/model_serialization_attacks.md#security-implication
Reference to pickel being susceptible to remote code execution vulnerability is mentioned . What about Tensor SavedModel format ? Is this format secure . Refer link below

https://opensource.googleblog.com/2025/01/creating-safe-secure-ai-models.html

Relevant page
Link the page that should be addressed

Expected behavior/text
Guidance on usage of Tensor SavedModel . Do we need to worry about remote code execution vulnerability ?
@rsrinivasanhome rsrinivasanhome added bug Something isn't working documentation Improvements or additions to documentation labels Feb 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rsrinivasanhome