CVE-2024-2952

Summary

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

Affected Software

VendorProductVersion RangeStatus
berriaiberriai/litellmunspecified < 1.34.42affected

Weaknesses

  • CWE-76: CWE-76 Improper Neutralization of Equivalent Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References