Vulnerability Description
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Litellm | Litellm | < 1.34.42 |
Related Weaknesses (CWE)
References
- https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0Patch
- https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4ExploitThird Party Advisory
- https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0Patch
- https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4ExploitThird Party Advisory
FAQ
What is CVE-2024-2952?
CVE-2024-2952 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` param...
How severe is CVE-2024-2952?
CVE-2024-2952 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-2952?
Check the references section above for vendor advisories and patch information. Affected products include: Litellm Litellm.