CVE Vulnerabilities

CVE-2024-2952

Improper Neutralization of Equivalent Special Elements

Published: Apr 10, 2024 | Modified: Apr 15, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious tokenizer_config.json files that execute arbitrary code on the server.

Weakness

The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.

Potential Mitigations

References