CVE-2024-2952

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-2952

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2952.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-2952

Aliases

GHSA-46cm-pfwv-cgf8

Published

2024-04-10T17:15:54Z

Modified

2025-10-21T20:07:00.590654Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

References

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type: GIT
Repo: https://github.com/berriai/litellm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3

Affected versions

1.*

1.16.12

1.16.13

1.16.14

1.34.2

1.34.20-stable

1.34.28.dev3

1.34.35-stable

1.34.39.dev1

1.34.40.dev1

Other

latest

pr-litellm-spend-logs-db

stable

test

v.*

v.1.32.34-stable

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.15

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.28.0

v1.28.1

v1.28.10

v1.28.11

v1.28.13

v1.28.2

v1.28.3

v1.28.4

v1.28.6

v1.28.7

v1.28.8

v1.28.9

v1.29.1

v1.29.3

v1.29.4

v1.29.5

v1.29.7

v1.30.0

v1.30.1

v1.30.2

v1.30.3

v1.30.4

v1.30.5

v1.30.6

v1.30.7

v1.31.10

v1.31.12

v1.31.12-dev

v1.31.12-dev1

v1.31.12-dev3

v1.31.13

v1.31.14

v1.31.15

v1.31.16

v1.31.17

v1.31.2

v1.31.3

v1.31.4

v1.31.5

v1.31.6

v1.31.7

v1.31.8

v1.31.9

v1.32.1

v1.32.3

v1.32.33-stable

v1.32.33.dev1

v1.32.4

v1.32.7

v1.32.7.dev1

v1.32.7.dev3

v1.32.7.dev5

v1.32.9

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.10

v1.34.10.dev1

v1.34.12

v1.34.13

v1.34.14

v1.34.16

v1.34.17

v1.34.18

v1.34.19

v1.34.20

v1.34.21

v1.34.21-stable

v1.34.22

v1.34.22-stable

v1.34.22.dev15-stable

v1.34.23-stable

v1.34.25

v1.34.26

v1.34.27

v1.34.28

v1.34.28.dev12

v1.34.29

v1.34.3

v1.34.33

v1.34.34

v1.34.34.dev1

v1.34.35

v1.34.36

v1.34.36.dev2

v1.34.37

v1.34.37.dev1

v1.34.38

v1.34.39

v1.34.4

v1.34.4.dev1

v1.34.4.dev2

v1.34.40

v1.34.41

v1.34.5

v1.34.6

v1.34.8

v1.34.8.dev1

v1.7.1

v1.7.11