Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:8 a.m.7 views

CVE-2024-2952

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS9.7AI score0.01256EPSS
Exploits1References1
Circl
Circl
added 2024/04/12 8:26 a.m.7 views

CVE-2024-2952

creationtimestamp| type| source ---|---|--- 2024-04-12 08:26:51+00:00| seen| https://t.me/arpsyndicate/4564...

9.8CVSS8.7AI score0.01256EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.24 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS10AI score0.01256EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.15 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.8AI score0.01256EPSS
Exploits1References2
OSV
OSV
added 2024/04/10 5:7 p.m.13 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.5AI score0.01256EPSS
Exploits1References4
CVE
CVE
added 2024/04/10 5:7 p.m.120 views

CVE-2024-2952

CVE-2024-2952 affects BerriAI/litellm. The vulnerability is an SSTI in the /completions endpoint: the hf_chat_template method processes the chat_template parameter from tokenizer_config.json using the Jinja template engine without proper sanitization, enabling attackers to craft malicious tokeniz...

9.8CVSS9.8AI score0.01256EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder