A lot of checkpoints, like the official SD1.5 ckpt for example, cannot be loaded with weights_only=True; that's why this option is only enabled for a few types of models. If you want to be safe you have to only allow people to upload .safetensors files.
Expected Behavior
This is the reference document of PyTorch. Use the safe parameter weights_only=True.
Actual Behavior
The default is safe_load=False, which leads to a pickle deserialization vulnerability.
Steps to Reproduce
Debug Logs
Other
Since this is a very influential open source project, we suggest you enable the Security Policy feature of GitHub. Sensitive information can then be communicated through other channels instead of issues.
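The two points made in this thread (the report above: loading with safe_load=False / weights_only=False is a pickle deserialization sink; the reply: only accept .safetensors uploads) are shown below in an added example that is not ComfyUI or PyTorch code. It uses only the Python standard library, so no torch install is needed: a constructed pickle "checkpoint" whose `__reduce__` runs `exec` on load, an unrestricted loader that triggers it, a restricted unpickler with a hypothetical allow list (the same idea PyTorch's weights_only=True applies with its own allow list), and an upload gate that parses the safetensors header (8-byte little-endian length plus a JSON table) instead of trusting the file extension. All file contents, the `PAYLOAD_MARK` environment variable, and the `ALLOWED_GLOBALS` set are constructed for the demo.

```python
"""Added example (not ComfyUI or PyTorch code): pickle checkpoints vs. safetensors.
Standard library only; the checkpoints and the payload are constructed inline."""
import collections
import io
import json
import os
import pickle
import struct

PAYLOAD_MARK = "CKPT_DEMO_PAYLOAD"  # constructed: env var the payload sets when it runs


class MaliciousCheckpoint:
    # pickle honours __reduce__ at load time: the named callable runs with these
    # arguments before any tensor is read. Real payloads call os.system the same way.
    def __reduce__(self):
        return (exec, (f"import os; os.environ['{PAYLOAD_MARK}'] = 'ran'",))


def build_malicious_ckpt() -> bytes:
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_ckpt() -> bytes:
    # A state_dict-shaped OrderedDict of plain floats stands in for tensors.
    return pickle.dumps(collections.OrderedDict([("layer.weight", [0.1, 0.2])]))


def unsafe_load(data: bytes):
    # Same trust model as torch.load(f, weights_only=False) / safe_load=False:
    # every global named in the stream is imported and may be called.
    return pickle.loads(data)


ALLOWED_GLOBALS = {("collections", "OrderedDict")}  # hypothetical allow list


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    # Restricted unpickler: an unknown global aborts the load instead of being imported.
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(loader, data: bytes):
    """Return (object, exception class name or None, whether the payload ran)."""
    os.environ.pop(PAYLOAD_MARK, None)
    try:
        obj, err = loader(data), None
    except Exception as exc:
        obj, err = None, type(exc).__name__
    return obj, err, PAYLOAD_MARK in os.environ


def build_safetensors(tensors: dict) -> bytes:
    """Minimal writer for the safetensors layout: u64 LE header length, JSON header, raw data."""
    header, blob = {}, bytearray()
    for name, values in tensors.items():
        raw = struct.pack(f"<{len(values)}f", *values)
        header[name] = {"dtype": "F32", "shape": [len(values)],
                        "data_offsets": [len(blob), len(blob) + len(raw)]}
        blob += raw
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + bytes(blob)


def validate_safetensors(data: bytes, max_header: int = 100_000_000) -> list:
    """Return the tensor names if data is well-formed safetensors, else raise ValueError.
    Only JSON is parsed, so a pickle renamed to .safetensors cannot run anything here."""
    if len(data) < 8:
        raise ValueError("file shorter than the 8-byte length prefix")
    (n,) = struct.unpack("<Q", data[:8])
    if n > max_header or 8 + n > len(data):
        raise ValueError("header length out of range")
    try:
        header = json.loads(data[8:8 + n])
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError both subclass it
        raise ValueError("header is not JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    body = len(data) - 8 - n
    names = []
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        try:
            start, end = meta["data_offsets"]
        except (KeyError, TypeError, ValueError) as exc:
            raise ValueError(f"bad entry for {name}") from exc
        if not (isinstance(start, int) and isinstance(end, int)
                and 0 <= start <= end <= body):
            raise ValueError(f"data_offsets out of range for {name}")
        names.append(name)
    return names


def accept_upload(filename: str, data: bytes) -> bool:
    """Upload gate: the extension and the bytes must both say safetensors."""
    if not filename.lower().endswith(".safetensors"):
        return False
    try:
        validate_safetensors(data)
    except ValueError:
        return False
    return True
```

`try_load(unsafe_load, build_malicious_ckpt())` reports that the payload ran and no error was raised, which is exactly the failure mode of the default loader; `try_load(safe_load, ...)` on the same bytes raises `UnpicklingError` before `exec` is ever resolved. The reply's caveat also holds for the restricted loader: a checkpoint that references a global outside the allow list (the thread cites the official SD1.5 ckpt for PyTorch's list) fails to load rather than loading unsafely, which is why accepting only validated .safetensors files is the simpler policy for user uploads.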