Security Advisory

CVE-2024-2952

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-10 17:07:52

Last updated 2024-08-01 19:32:42

Assigner @huntr_ai

State PUBLISHED

Description

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.

← Browse all CVEs View on cve.org ↗