CVE-2024-2952 Information

Description

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

Reference

https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4