Lucene search

Veracode Vulnerability DatabaseVERACODE:46375

HistoryApr 12, 2024 - 3:42 a.m.

Server-side Template Injection (SSTI)

2024-04-1203:42:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ssti

vulnerability

jinja

arbitrary code

template engine

factory.py

tokenizer

insufficient sanitization

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

litellm is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to insufficient sanitization within the hf_chat_template method in factory.py, which processes the chat_template parameter from the tokenizer_config.json file using the Jinja template engine, allowing attackers to execute arbitrary code on the server.

CPENameOperatorVersion
litellmle1.34.41
litellmle1.34.41

CPE	Name	Operator	Version
	litellm	le	1.34.41
	litellm	le	1.34.41

References

github.com/advisories/GHSA-46cm-pfwv-cgf8

github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087

github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3

github.com/BerriAI/litellm/issues/2949

github.com/BerriAI/litellm/pull/2941/commits

huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46375