Private security contact request

[igorsantosgrueiro]

Hi maintainers,

I found a security issue in mamba-ssm related to model/checkpoint loading and would like to report it privately.

I do not see a SECURITY.md, private vulnerability reporting option, or security contact for this repository. Is there a preferred private email or GitHub Security Advisory route?

I will not share technical details, PoC code, or vulnerable source locations publicly.

[rehan243]

So I've seen similar issues with model loading in our production env at Reallytics.ai, we're using PyTorch 1.13 and we had to implement custom checkpoint validation to prevent arbitrary code execution. For mamba-ssm, you might want to add some basic validation on the checkpoint loading path, something like this:

import torch
# ... 
checkpoint_path = '/path/to/checkpoint.pth'
try:
    torch.load(checkpoint_path, weights_only=True)
except Exception as e:
    # handle exception, log error, etc.
    print(f"Error loading checkpoint: {e}")

We've been using this pattern with our RAG pipelines and it's worked pretty well so far. Not saying it's a silver bullet, but it's a good starting point — took us a few tries to get it right, but it's been solid since then.

[igorsantosgrueiro]

Thanks. I’d prefer not to discuss technical details fo the vulnerabilities or mitigations in this public issue until the maintainers confirm a private reporting channel.

Maintainers: please let me know the preferred private route for the full report.

[rehan243]

Oh, I see. Yeah, that makes sense. We've had to deal with similar stuff internally. Honestly, security's a pain, but it's crucial. For now, you might want to check out our internal security guidelines doc. It's not public, but it might give you some ideas on how to handle this until you get a response from the maintainers. It's got some good practices for validating checkpoints and other sensitive ops. Lmk if that helps, or if you need more specifics.