Stop supporting pickle #1053
MoonRide303 started this conversation in Ideas. Replies: 0 comments
The pickle format is inherently insecure and allows execution of arbitrary code. Multiple models with malicious code were recently identified on HuggingFace by the JFrog Security Team; the threat is real, and picklescan might not be enough to prevent it.

The simplest solution to this would be to support only secure formats like safetensors and not allow uploading pickle files. Conversion is pretty trivial, so model developers shouldn't have any problems with that.
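To make the conversion step concrete, here is an added example (not code from this project or from the post's author) that loads a checkpoint pickle through an unpickler which refuses every global reference, so the load can never reach a callable, and writes the tensors out in the safetensors container using only the standard library. It assumes a constructed checkpoint shape of `name -> (shape, flat float32 values)` standing in for a real state dict, handles only the `F32` dtype, and implements the container layout itself (8-byte little-endian header length, JSON header, raw buffer) rather than calling the safetensors library; the reader side parses with `json` and `struct` alone, which is exactly why the format cannot execute code.

```python
import io
import json
import pickle
import struct

# Constructed stand-in for a checkpoint: tensor name -> (shape, flat float32 values).
# A real PyTorch state dict holds tensors; the container logic below is the same.
SAMPLE_CHECKPOINT = {
    "layer.weight": ((2, 2), [0.5, -1.0, 2.0, 0.25]),
    "layer.bias": ((2,), [0.0, 1.0]),
}


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global/class reference.

    Plain containers and numbers never trigger find_class, so a pickle of pure
    data loads; anything that names a module-level object is rejected before
    the pickle VM can call it. This is stricter than a denylist scanner.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing global {module}.{name}: pickle must contain data only"
        )


def load_data_only_pickle(blob: bytes):
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


def is_data_only(blob: bytes) -> bool:
    """True when the pickle loads without any global reference, False otherwise."""
    try:
        load_data_only_pickle(blob)
        return True
    except pickle.UnpicklingError:
        return False


def to_safetensors(tensors) -> bytes:
    """Serialise {name: (shape, flat floats)} into the safetensors container (F32 only)."""
    header = {}
    buffer = bytearray()
    for name in sorted(tensors):
        shape, values = tensors[name]
        expected = 1
        for dim in shape:
            expected *= dim
        if len(values) != expected:
            raise ValueError(f"{name}: {len(values)} values do not fit shape {shape}")
        start = len(buffer)
        buffer += struct.pack(f"<{len(values)}f", *values)
        header[name] = {"dtype": "F32", "shape": list(shape), "data_offsets": [start, len(buffer)]}
    header_bytes = json.dumps(header, separators=(",", ":")).encode("utf-8")
    # Pad the JSON header with spaces to an 8-byte boundary, as the reference format does.
    header_bytes += b" " * (-len(header_bytes) % 8)
    return struct.pack("<Q", len(header_bytes)) + header_bytes + bytes(buffer)


def from_safetensors(blob: bytes):
    """Parse a safetensors blob back into {name: (shape, flat floats)}; no code paths, only json+struct."""
    (header_len,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + header_len])
    data = blob[8 + header_len:]
    out = {}
    for name, info in header.items():
        if name == "__metadata__":
            continue
        if info["dtype"] != "F32":
            raise ValueError(f"{name}: dtype {info['dtype']} not handled in this example")
        start, end = info["data_offsets"]
        # Bounds-check offsets so a crafted header cannot read outside the buffer.
        if not (0 <= start <= end <= len(data)) or (end - start) % 4:
            raise ValueError(f"{name}: invalid data_offsets {start},{end}")
        count = (end - start) // 4
        out[name] = (tuple(info["shape"]), list(struct.unpack(f"<{count}f", data[start:end])))
    return out


def convert_pickle_checkpoint(pickle_blob: bytes) -> bytes:
    """Data-only unpickle followed by safetensors serialisation."""
    return to_safetensors(load_data_only_pickle(pickle_blob))


# Constructed inputs: a data-only checkpoint pickle, and a pickle that merely
# references a builtin (len) to show that any global reference is refused.
PICKLED_SAMPLE = pickle.dumps(SAMPLE_CHECKPOINT)
PICKLED_WITH_GLOBAL = pickle.dumps(len)

if __name__ == "__main__":
    converted = convert_pickle_checkpoint(PICKLED_SAMPLE)
    print(from_safetensors(converted))
    print("global reference accepted:", is_data_only(PICKLED_WITH_GLOBAL))
```

The point of the pairing is that the pickle side needs an active refusal (`find_class` raising) to be safe, whereas the safetensors side is safe by construction: the parser has no operation other than reading numbers and JSON, so a hostile file can at worst be malformed, never executable.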