You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

TensorFlow SavedModel WholeFileReaderV2 PoC

Security research proof-of-concept for a TensorFlow SavedModel that uses legacy reader ops to read a local file through normal serving-signature execution.

This model is intentionally benign:

serving_default reads /etc/hosts.
read_file(filename) reads the local file path provided as a string tensor.

The purpose is to demonstrate that ModelScan 0.8.8 reports no issues even though the SavedModel contains local file-read behavior implemented with WholeFileReaderV2 and ReaderReadV2.

Do not load untrusted models in production.

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support