Lucene search

GoogleOSV:CVE-2024-2952

HistoryApr 10, 2024 - 5:15 p.m.

CVE-2024-2952

2024-04-1017:15:54

Google

osv.dev

berriai/litellm

server-side template injection

/completions

tokenizer_config.json

jinja template engine

sanitization

arbitrary code

vulnerability

software

exploit

cve-2024-2952

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

CPENameOperatorVersion
litellmeq1.27.1
litellmeq1.28.1
litellmeq1.18.8
litellmeq1.18.13
litellmeq1.29.7
litellmeq1.34.4
litellmeq1.31.7
litellmeq1.34.4.dev1
litellmeq1.34.8.dev1
litellmeq1.31.3

Name	Operator	Version
litellm	eq	1.27.1
litellm	eq	1.28.1
litellm	eq	1.18.8
litellm	eq	1.18.13
litellm	eq	1.29.7
litellm	eq	1.34.4
litellm	eq	1.31.7
litellm	eq	1.34.4.dev1
litellm	eq	1.34.8.dev1
litellm	eq	1.31.3

Rows per page:

1-10 of 2511

References

github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3

huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for OSV:CVE-2024-2952