Critical severityNVD Advisory· Published Apr 10, 2024· Updated Aug 1, 2024
Server-Side Template Injection in BerriAI/litellm
CVE-2024-2952
Description
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
litellmPyPI | < 1.34.42 | 1.34.42 |
Affected products
2- berriai/berriai/litellmv5Range: unspecified
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-46cm-pfwv-cgf8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-2952ghsaADVISORY
- github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.pyghsaWEB
- github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3ghsaWEB
- github.com/BerriAI/litellm/issues/2949ghsaWEB
- github.com/BerriAI/litellm/pull/2941ghsaWEB
- huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4ghsaWEB
- github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3mitre
News mentions
0No linked articles in our index yet.