Server-Side Template Injection (SSTI) Vulnerability in BerriAI/litellm
CVE-2024-2952

9.8CRITICAL

Key Information:

Vendor: Berriai
Status: Berriai/litellm
Vendor: CVE Published:; 10 April 2024

Summary

BerriAI's Litellm product is compromised by a vulnerability allowing Server-Side Template Injection (SSTI) through the /completions endpoint. The issue stems from the hf_chat_template method inadequately processing the chat_template parameter originating from the tokenizer_config.json file. This lack of proper sanitization enables attackers to craft malicious tokenizer_config.json files that can execute arbitrary code on the server. Without stringent checks and validation, the exploitation poses significant security risks, allowing for unauthorized commands to be run with the privileges of the server.

Affected Version(s)

berriai/litellm < 1.34.42

References

https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb5...

https://github.com/berriai/litellm/commit/8a1cdc901708b07...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Mar 26, 2024