9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
litellm is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to insufficient sanitization within the hf_chat_template
method in factory.py
, which processes the chat_template
parameter from the tokenizer_config.json
file using the Jinja template engine, allowing attackers to execute arbitrary code on the server.
github.com/advisories/GHSA-46cm-pfwv-cgf8
github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087
github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3
github.com/BerriAI/litellm/issues/2949
github.com/BerriAI/litellm/pull/2941/commits
huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%