Ecosyste.ms: Advisories


Security Advisories: GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p

LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises because the hf_chat_template method renders the chat_template value read from a model's tokenizer_config.json file with the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files whose template executes arbitrary code on the server.

Permalink: https://github.com/advisories/GHSA-46cm-pfwv-cgf8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-46cm-pfwv-cgf8, CVE-2024-2952
References: Repository: https://github.com/BerriAI/litellm
Blast Radius: 0.0

Affected Packages

pypi:litellm
Dependent packages: 116
Dependent repositories: 1
Downloads: 564,712 last month
Affected Version Ranges: < 1.34.42
Fixed in: 1.34.42
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.31, 0.1.32, 0.1.34, 0.1.201, 0.1.202, 0.1.203, 0.1.204, 0.1.205, 0.1.206, 0.1.207, 0.1.208, 0.1.209, 0.1.210, 0.1.211, 0.1.212, 0.1.213, 0.1.214, 0.1.215, 0.1.216, 0.1.217, 0.1.218, 0.1.219, 0.1.220, 0.1.221, 0.1.222, 0.1.223, 0.1.224, 0.1.225, 0.1.226, 0.1.227, 0.1.228, 0.1.229, 0.1.230, 0.1.231, 0.1.232, 0.1.233, 0.1.234, 0.1.235, 0.1.236, 0.1.237, 0.1.238, 0.1.330, 0.1.331, 0.1.341, 0.1.343, 0.1.345, 0.1.347, 0.1.348, 0.1.349, 0.1.351, 0.1.352, 0.1.353, 0.1.354, 0.1.356, 0.1.360, 0.1.361, 0.1.362, 0.1.363, 0.1.364, 0.1.365, 0.1.366, 0.1.367, 0.1.368, 0.1.369, 0.1.370, 0.1.371, 0.1.372, 0.1.373, 0.1.375, 0.1.376, 0.1.379, 0.1.380, 0.1.381, 0.1.383, 0.1.384, 0.1.385, 0.1.386, 0.1.387, 0.1.388, 0.1.389, 0.1.392, 0.1.393, 0.1.394, 0.1.398, 0.1.399, 0.1.400, 0.1.401, 0.1.402, 0.1.403, 0.1.404, 0.1.405, 0.1.408, 0.1.410, 0.1.411, 0.1.412, 0.1.415, 0.1.419, 0.1.420, 0.1.421, 0.1.422, 0.1.424, 0.1.425, 0.1.426, 0.1.429, 0.1.432, 0.1.433, 0.1.434, 0.1.435, 0.1.436, 0.1.437, 0.1.438, 0.1.439, 0.1.440, 0.1.441, 0.1.442, 0.1.443, 0.1.444, 0.1.445, 0.1.446, 0.1.447, 0.1.448, 0.1.449, 0.1.450, 0.1.451, 0.1.452, 0.1.456, 0.1.457, 0.1.459, 0.1.460, 0.1.461, 0.1.464, 0.1.465, 0.1.475, 0.1.477, 0.1.479, 0.1.480, 0.1.481, 0.1.482, 0.1.486, 0.1.487, 0.1.488, 0.1.490, 0.1.491, 0.1.492, 0.1.493, 0.1.494, 0.1.495, 0.1.497, 0.1.500, 0.1.501, 0.1.504, 0.1.507, 0.1.508, 0.1.509, 0.1.510, 0.1.511, 0.1.512, 0.1.516, 0.1.517, 0.1.518, 0.1.520, 0.1.525, 0.1.530, 0.1.531, 0.1.533, 0.1.535, 0.1.536, 0.1.537, 0.1.538, 0.1.544, 0.1.546, 0.1.547, 0.1.548, 0.1.549, 0.1.550, 0.1.551, 0.1.552, 0.1.553, 0.1.554, 0.1.555, 0.1.556, 0.1.557, 0.1.558, 0.1.559, 0.1.560, 0.1.561, 0.1.562, 0.1.563, 0.1.567, 0.1.568, 0.1.569, 0.1.570, 0.1.574, 0.1.578, 0.1.580, 0.1.582, 0.1.583, 0.1.585, 0.1.586, 0.1.587, 0.1.590, 0.1.591, 0.1.593, 0.1.594, 0.1.595, 0.1.596, 0.1.597, 0.1.598, 0.1.600, 0.1.601, 0.1.604, 0.1.605, 0.1.607, 0.1.609, 0.1.610, 0.1.615, 
0.1.618, 0.1.619, 0.1.620, 0.1.621, 0.1.623, 0.1.624, 0.1.625, 0.1.626, 0.1.629, 0.1.630, 0.1.631, 0.1.632, 0.1.634, 0.1.635, 0.1.636, 0.1.638, 0.1.639, 0.1.641, 0.1.642, 0.1.643, 0.1.644, 0.1.645, 0.1.646, 0.1.647, 0.1.648, 0.1.649, 0.1.650, 0.1.651, 0.1.652, 0.1.674, 0.1.680, 0.1.681, 0.1.683, 0.1.685, 0.1.686, 0.1.687, 0.1.689, 0.1.690, 0.1.692, 0.1.693, 0.1.696, 0.1.697, 0.1.698, 0.1.700, 0.1.702, 0.1.704, 0.1.706, 0.1.714, 0.1.715, 0.1.716, 0.1.719, 0.1.720, 0.1.721, 0.1.723, 0.1.724, 0.1.729, 0.1.736, 0.1.738, 0.1.743, 0.1.745, 0.1.746, 0.1.747, 0.1.748, 0.1.749, 0.1.750, 0.1.751, 0.1.758, 0.1.765, 0.1.769, 0.1.772, 0.1.774, 0.1.780, 0.1.781, 0.1.784, 0.1.786, 0.1.788, 0.1.789, 0.1.793, 0.1.794, 0.1.805, 0.1.806, 0.1.807, 0.1.813, 0.1.814, 0.1.815, 0.1.816, 0.1.817, 0.1.818, 0.1.819, 0.1.820, 0.1.821, 0.1.824, 0.1.2291, 0.1.7701, 0.1.7713, 0.2.5, 0.2.6, 0.3.0, 0.3.1, 0.4.0, 0.4.4, 0.5.2, 0.5.3, 0.5.4, 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.6.6, 0.7.1, 0.7.3, 0.7.4, 0.7.5, 0.7.9, 0.7.10, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.9.0, 0.9.1, 0.9.2, 0.10.0, 0.10.1, 0.11.1, 0.12.4, 0.12.5, 0.12.7, 0.12.8, 0.12.9, 0.12.10, 0.12.11, 0.12.12, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 1.0.0, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.1, 1.3.3, 1.4.0, 1.6.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.16, 1.7.17, 1.7.18, 1.7.19, 1.7.21, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.6, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.14.7, 1.14.8, 1.14.9, 1.14.10, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.6, 1.15.7, 1.15.8, 1.15.10, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.16.7, 1.16.8, 1.16.9, 1.16.10, 1.16.11, 1.16.12, 1.16.14, 1.16.15, 1.16.16, 1.16.17, 1.16.18, 1.16.19, 1.16.20, 1.16.21, 1.17.0, 1.17.1, 
1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.17.7, 1.17.8, 1.17.9, 1.17.10, 1.17.12, 1.17.13, 1.17.14, 1.17.15, 1.17.16, 1.17.17, 1.17.18, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.18.6, 1.18.7, 1.18.8, 1.18.9, 1.18.10, 1.18.11, 1.18.12, 1.18.13, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.20.9, 1.21.0, 1.21.1, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.22.2, 1.22.3, 1.22.5, 1.22.8, 1.22.9, 1.22.10, 1.22.11, 1.23.0, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.23.5, 1.23.7, 1.23.8, 1.23.9, 1.23.10, 1.23.12, 1.23.14, 1.23.15, 1.23.16, 1.24.1, 1.24.3, 1.24.5, 1.24.6, 1.25.0, 1.25.1, 1.25.2, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.26.5, 1.26.6, 1.26.7, 1.26.8, 1.26.9, 1.26.10, 1.26.11, 1.26.13, 1.27.1, 1.27.3, 1.27.4, 1.27.6, 1.27.7, 1.27.8, 1.27.9, 1.27.10, 1.27.14, 1.27.15, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.6, 1.28.7, 1.28.8, 1.28.9, 1.28.10, 1.28.11, 1.28.13, 1.29.1, 1.29.3, 1.29.4, 1.29.5, 1.29.7, 1.30.0, 1.30.1, 1.30.2, 1.30.3, 1.30.4, 1.30.5, 1.30.6, 1.30.7, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.31.17, 1.32.1, 1.32.3, 1.32.4, 1.32.7, 1.32.9, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.33.7, 1.33.8, 1.33.9, 1.34.0, 1.34.1, 1.34.3, 1.34.4, 1.34.5, 1.34.6, 1.34.8, 1.34.10, 1.34.11, 1.34.12, 1.34.13, 1.34.14, 1.34.16, 1.34.17, 1.34.18, 1.34.19, 1.34.20, 1.34.21, 1.34.22, 1.34.25, 1.34.26, 1.34.27, 1.34.28, 1.34.29, 1.34.32, 1.34.33, 1.34.34, 1.34.35, 1.34.36, 1.34.37, 1.34.38, 1.34.39, 1.34.40, 1.34.41
All unaffected versions: 1.34.42, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.35.15, 1.35.16, 1.35.17, 1.35.18, 1.35.19, 1.35.20, 1.35.21, 1.35.22, 1.35.23, 1.35.24, 1.35.25, 1.35.26, 1.35.28, 1.35.29, 1.35.30, 1.35.31, 1.35.32, 1.35.33, 1.35.34, 1.35.35, 1.35.36, 1.35.37, 1.35.38, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.2, 1.37.3, 1.37.5, 1.37.6, 1.37.7, 1.37.9