VYPR
Critical severityNVD Advisory· Published Apr 10, 2024· Updated Aug 1, 2024

Server-Side Template Injection in BerriAI/litellm

CVE-2024-2952

Description

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
litellmPyPI
< 1.34.421.34.42

Affected products

2
  • ghsa-coords
    Range: < 1.34.42
  • berriai/berriai/litellmv5
    Range: unspecified

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.