From:
Huntr | Blog
Pivoting Archive Slip Bugs into High-Value AI/ML Bounties
https://blog.huntr.com/pivoting-archive-slip-bugs-into-high-value-ai/ml-bounties
Many ML model files (.nemo, .keras, .gguf, even trusty .pth) are just zip/tar archives in disguise. Feed one to a loader that blindly calls extractall() and pow, you’ve opened the door to an archive-slip (Zip Slip, TarSlip) directory-traversal bug.