Vulnerability DatabaseCVE-2024-2952
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-2952
April 10, 2024
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the "/completions" endpoint. The vulnerability arises from the "hf_chat_template" method processing the "chat_template" parameter from the "tokenizer_config.json" file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious "tokenizer_config.json" files that execute arbitrary code on the server.
Affected Packages
litellm (PYTHON):
Affected version(s)
Fix Suggestion:
Update to version 1.34.42
Additional Notes
The description of this vulnerability differs from MITRE.
Related ResourcesĀ (7)
https://github.com/BerriAI/litellm/issues/2949
https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3
https://github.com/BerriAI/litellm/pull/2941
https://github.com/BerriAI/litellm
https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4
https://nvd.nist.gov/vuln/detail/CVE-2024-2952
https://github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Neutralization of Equivalent Special Elements
CWE-76
EPSS
Base Score:
1.45