{"id":"GHSA-46cm-pfwv-cgf8","summary":"LiteLLM has a Server-Side Template Injection vulnerability in the /completions endpoint","details":"BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) reachable through the `/completions` endpoint. The `hf_chat_template` method takes the `chat_template` value from a `tokenizer_config.json` file and renders it with the Jinja template engine without sanitizing it; Jinja template expressions rendered outside a sandboxed environment can reach arbitrary Python objects, so a template is effectively code. An attacker who can supply or control a `tokenizer_config.json` that the server loads can therefore embed a Jinja payload that executes arbitrary code on the server. The issue is fixed in litellm 1.34.42; earlier releases should be upgraded, and until then `tokenizer_config.json` files (and the model sources they are fetched from) should be treated as untrusted input.","aliases":["CVE-2024-2952"],"modified":"2024-04-11T16:01:57.658271Z","published":"2024-04-10T18:30:48Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2024-04-10T22:18:53Z","cwe_ids":["CWE-76"],"severity":"CRITICAL","nvd_published_at":"2024-04-10T17:15:54Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2952"},{"type":"WEB","url":"https://github.com/BerriAI/litellm/issues/2949"},{"type":"WEB","url":"https://github.com/BerriAI/litellm/pull/2941"},{"type":"WEB","url":"https://github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3"},{"type":"PACKAGE","url":"https://github.com/BerriAI/litellm"},{"type":"WEB","url":"https://github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087"},{"type":"WEB","url":"https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4"}],"affected":[{"package":{"name":"litellm","ecosystem":"PyPI","purl":"pkg:pypi/litellm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.34.42"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.201","0.1.202","0.1.203","0.1.204","0.1.205","0.1.206","0.1.207","0.1.208","0.1.209","0.1.210","0.1.211","0.1.212","0.1.213","0.1.214","0.1.215","0.1.216","0.1.217","0.1.218","0.1.219","0.1.220","0.1.221","0.1.222","0.1.223","0.1.224","0.1.225","0.1.226","0.1.227","0.1.228","0.1.229","0.1.2291","0.1.230","0.1.231","0.1.232","
0.1.233","0.1.234","0.1.235","0.1.236","0.1.237","0.1.238","0.1.3","0.1.31","0.1.32","0.1.330","0.1.331","0.1.34","0.1.341","0.1.343","0.1.345","0.1.347","0.1.348","0.1.349","0.1.351","0.1.352","0.1.353","0.1.354","0.1.356","0.1.360","0.1.361","0.1.362","0.1.363","0.1.364","0.1.365","0.1.366","0.1.367","0.1.368","0.1.369","0.1.370","0.1.371","0.1.372","0.1.373","0.1.375","0.1.376","0.1.379","0.1.380","0.1.381","0.1.383","0.1.384","0.1.385","0.1.386","0.1.387","0.1.388","0.1.389","0.1.392","0.1.393","0.1.394","0.1.398","0.1.399","0.1.400","0.1.401","0.1.402","0.1.403","0.1.404","0.1.405","0.1.408","0.1.410","0.1.411","0.1.412","0.1.415","0.1.419","0.1.420","0.1.421","0.1.422","0.1.424","0.1.425","0.1.426","0.1.429","0.1.432","0.1.433","0.1.434","0.1.435","0.1.436","0.1.437","0.1.438","0.1.439","0.1.440","0.1.441","0.1.442","0.1.443","0.1.444","0.1.445","0.1.446","0.1.447","0.1.448","0.1.449","0.1.450","0.1.451","0.1.452","0.1.456","0.1.457","0.1.459","0.1.460","0.1.461","0.1.464","0.1.465","0.1.475","0.1.477","0.1.479","0.1.480","0.1.481","0.1.482","0.1.486","0.1.487","0.1.488","0.1.490","0.1.491","0.1.492","0.1.493","0.1.494","0.1.495","0.1.497","0.1.500","0.1.501","0.1.504","0.1.507","0.1.508","0.1.509","0.1.510","0.1.511","0.1.512","0.1.516","0.1.517","0.1.518","0.1.520","0.1.525","0.1.530","0.1.531","0.1.533","0.1.535","0.1.536","0.1.537","0.1.538","0.1.544","0.1.546","0.1.547","0.1.548","0.1.549","0.1.550","0.1.551","0.1.552","0.1.553","0.1.554","0.1.555","0.1.556","0.1.557","0.1.558","0.1.559","0.1.560","0.1.561","0.1.562","0.1.563","0.1.567","0.1.568","0.1.569","0.1.570","0.1.574","0.1.578","0.1.580","0.1.582","0.1.583","0.1.585","0.1.586","0.1.587","0.1.590","0.1.591","0.1.593","0.1.594","0.1.595","0.1.596","0.1.597","0.1.598","0.1.600","0.1.601","0.1.604","0.1.605","0.1.607","0.1.609","0.1.610","0.1.615","0.1.618","0.1.619","0.1.620","0.1.621","0.1.623","0.1.624","0.1.625","0.1.626","0.1.629","0.1.630","0.1.631","0.1.632","0.1.634","0.1.635","0.1.636","0.1.6
38","0.1.639","0.1.641","0.1.642","0.1.643","0.1.644","0.1.645","0.1.646","0.1.647","0.1.648","0.1.649","0.1.650","0.1.651","0.1.652","0.1.674","0.1.680","0.1.681","0.1.683","0.1.685","0.1.686","0.1.687","0.1.689","0.1.690","0.1.692","0.1.693","0.1.696","0.1.697","0.1.698","0.1.700","0.1.700.dev0","0.1.700.dev1","0.1.700.dev2","0.1.700.dev3","0.1.700.dev4","0.1.700.dev5","0.1.702","0.1.704","0.1.706","0.1.714","0.1.714.dev1","0.1.715","0.1.716","0.1.719","0.1.720","0.1.721","0.1.723","0.1.724","0.1.729","0.1.736","0.1.738","0.1.743","0.1.745","0.1.746","0.1.747","0.1.748","0.1.749","0.1.750","0.1.751","0.1.758","0.1.765","0.1.769","0.1.7701","0.1.7713","0.1.772","0.1.774","0.1.780","0.1.781","0.1.784","0.1.786","0.1.788","0.1.789","0.1.793","0.1.794","0.1.805","0.1.806","0.1.807","0.1.813","0.1.814","0.1.815","0.1.816","0.1.817","0.1.818","0.1.819","0.1.820","0.1.821","0.1.824","0.10.0","0.10.1","0.11.1","0.12.10","0.12.11","0.12.12","0.12.4","0.12.4.dev1","0.12.4.dev2","0.12.5","0.12.5.dev1","0.12.7","0.12.7.dev1","0.12.8","0.12.9","0.13.0","0.13.1","0.13.1.dev1","0.13.1.dev2","0.13.1.dev3","0.13.2","0.13.2.dev1","0.13.3.dev1","0.13.3.dev2","0.13.6.dev1","0.13.6.dev2","0.13.6.dev3","0.13.7.dev1","0.14.0","0.14.0.dev1","0.14.1","0.2.5","0.2.6","0.3.0","0.3.1","0.4.0","0.4.4","0.5.2","0.5.3","0.5.4","0.5.6","0.6.0","0.6.1","0.6.2","0.6.6","0.7.1","0.7.1.dev1","0.7.1.dev2","0.7.1.dev3","0.7.10","0.7.3","0.7.4","0.7.5","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.9.0","0.9.1","0.9.2","0.9.2.dev1","1.0.0","1.0.0.dev1","1.0.3","1.0.3.dev1","1.1.0","1.1.1","1.1.2","1.1.3","1.10.0","1.10.1","1.10.10","1.10.11","1.10.2","1.10.3","1.10.4","1.10.6","1.10.8","1.10.9","1.10.dev11","1.11.0","1.11.1","1.12.0","1.12.1","1.12.2","1.12.3","1.12.5","1.12.5.dev1","1.12.6","1.12.6.dev1","1.12.6.dev2","1.12.6.dev3","1.12.6.dev4","1.12.6.dev5","1.12.7","1.12.8","1.12.9","1.13.1","1.13.2","1.14.0","1.14.0.dev1","1.14.1","1.14.10","1.14.2","1.14.3","1.14.4","1.14.5","
1.14.5.dev1","1.14.6","1.14.7","1.14.8","1.14.9","1.15.0","1.15.1","1.15.10","1.15.2","1.15.3","1.15.6","1.15.7","1.15.8","1.16.0","1.16.1","1.16.10","1.16.11","1.16.12","1.16.14","1.16.15","1.16.16","1.16.17","1.16.18","1.16.19","1.16.2","1.16.20","1.16.21","1.16.21.dev1","1.16.21.dev2","1.16.21.dev3","1.16.3","1.16.4","1.16.5","1.16.6","1.16.7","1.16.8","1.16.9","1.17.0","1.17.1","1.17.10","1.17.11.dev1","1.17.11.dev2","1.17.12","1.17.13","1.17.14","1.17.15","1.17.16","1.17.17","1.17.18","1.17.2","1.17.3","1.17.4","1.17.5","1.17.6","1.17.7","1.17.8","1.17.9","1.18.0","1.18.1","1.18.10","1.18.11","1.18.12","1.18.13","1.18.13.dev1","1.18.13.dev4","1.18.13.dev5","1.18.13.dev7","1.18.14.dev6","1.18.14.dev7","1.18.14.dev8","1.18.2","1.18.3","1.18.4","1.18.5","1.18.6","1.18.7","1.18.8","1.18.9","1.19.0","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.6","1.2.0","1.20.0","1.20.1","1.20.2","1.20.3","1.20.5","1.20.6","1.20.7","1.20.8","1.20.9","1.21.0","1.21.1","1.21.4","1.21.4.dev1","1.21.5","1.21.6","1.21.7","1.22.10","1.22.10.dev1","1.22.11","1.22.2","1.22.3","1.22.5","1.22.8","1.22.9","1.23.0","1.23.1","1.23.10","1.23.12","1.23.14","1.23.15","1.23.16","1.23.2","1.23.3","1.23.4","1.23.5","1.23.7","1.23.8","1.23.9","1.24.1","1.24.1.dev1","1.24.3","1.24.5","1.24.5.dev1","1.24.6","1.25.0","1.25.0.dev2","1.25.1","1.25.2","1.26.0","1.26.1","1.26.10","1.26.11","1.26.13","1.26.14.dev1","1.26.2","1.26.3","1.26.4","1.26.5","1.26.6","1.26.7","1.26.8","1.26.9","1.27.1","1.27.1.dev11","1.27.1.dev30","1.27.1.dev31","1.27.1.dev40","1.27.1.dev50","1.27.1.dev60","1.27.1.dev9","1.27.10","1.27.13.dev1","1.27.14","1.27.15","1.27.2.dev1","1.27.2.dev2","1.27.2.dev3","1.27.2.dev4","1.27.3","1.27.4","1.27.6","1.27.7","1.27.8","1.27.9","1.28.0","1.28.1","1.28.1.dev1","1.28.10","1.28.11","1.28.13","1.28.2","1.28.3","1.28.4","1.28.4.dev1","1.28.6","1.28.7","1.28.8","1.28.9","1.29.1","1.29.2.dev1","1.29.3","1.29.4","1.29.4.dev1","1.29.5","1.29.6.dev1","1.29.7","1.29.7.dev3","1.3.1","1.3.3","1.
3.3.dev1","1.3.3.dev2","1.3.3.dev3","1.30.0","1.30.1","1.30.1.dev5","1.30.1.dev6","1.30.2","1.30.3","1.30.4","1.30.5","1.30.6","1.30.7","1.31.10","1.31.12","1.31.13","1.31.13.dev1","1.31.13.dev10","1.31.13.dev2","1.31.13.dev3","1.31.14","1.31.14.dev2","1.31.14.dev3","1.31.14.dev4","1.31.14.dev5","1.31.14.dev6","1.31.14.dev8","1.31.14.dev9","1.31.15","1.31.15.dev2","1.31.16","1.31.17","1.31.2","1.31.2.dev1","1.31.2.dev10","1.31.3","1.31.4","1.31.5","1.31.6","1.31.7","1.31.8","1.31.9","1.32.1","1.32.3","1.32.4","1.32.5.dev1","1.32.7","1.32.9","1.33.0","1.33.1","1.33.1.dev1","1.33.2","1.33.3","1.33.4","1.33.5.dev1","1.33.7","1.33.8","1.33.9","1.34.0","1.34.1","1.34.1.dev1","1.34.10","1.34.11","1.34.12","1.34.13","1.34.14","1.34.16","1.34.17","1.34.17.dev1","1.34.18","1.34.19","1.34.20","1.34.21","1.34.22","1.34.22.dev1","1.34.24.dev1","1.34.25","1.34.26","1.34.27","1.34.28","1.34.29","1.34.3","1.34.32","1.34.33","1.34.34","1.34.35","1.34.36","1.34.37","1.34.38","1.34.39","1.34.4","1.34.40","1.34.41","1.34.5","1.34.6","1.34.8","1.4.0","1.6.0","1.7.1","1.7.11","1.7.12","1.7.13","1.7.14","1.7.16","1.7.17","1.7.18","1.7.19","1.7.2","1.7.21","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.1","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.dev0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-46cm-pfwv-cgf8/GHSA-46cm-pfwv-cgf8.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}