You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Critical severity
GitHub Reviewed
Published
Apr 10, 2024
to the GitHub Advisory Database
•
Updated Apr 11, 2024
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the
/completions
endpoint. The vulnerability arises from thehf_chat_template
method processing thechat_template
parameter from thetokenizer_config.json
file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicioustokenizer_config.json
files that execute arbitrary code on the server.References