
Posted by dot_treo 1 day ago

Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised (github.com)
About an hour ago new versions have been deployed to PyPI.

I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM, it looked like a forkbomb was running.

I've investigated, and found that a base64 encoded blob has been added to proxy_server.py.

It writes and decodes another file which it then runs.

I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up.

It is also reported in this issue: https://github.com/BerriAI/litellm/issues/24512

697 points | 433 comments | page 8
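
A defender-side check for what the post describes, added here as an example (not code from the post or from the LiteLLM project): it reads the installed litellm version from package metadata and flags long base64-looking string literals in the installed .py files, without importing the package. The function names and the 200-character threshold are assumptions of this example.

```python
import base64
import re
import tempfile
from importlib import metadata
from pathlib import Path

AFFECTED = {"1.82.7", "1.82.8"}  # versions named in the post above
# Assumption: a quoted run of 200+ base64 characters deserves a manual look.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{200,}={0,2})["']""")

def installed_version(dist="litellm"):
    """Installed version from package metadata (no import), or None."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def is_affected(version):
    return version in AFFECTED

def find_b64_blobs(path):
    """Return (line_number, blob_length) for each long base64-like literal."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return [(text.count("\n", 0, m.start()) + 1, len(m.group(1)))
            for m in B64_LITERAL.finditer(text)]

def scan_distribution(dist="litellm"):
    """Scan the installed distribution's .py files without executing them."""
    report = {}
    for f in metadata.files(dist) or []:
        path = Path(f.locate())
        if f.suffix == ".py" and path.is_file():
            hits = find_b64_blobs(path)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    # Constructed sample: a harmless 400-character blob on line 2.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp, "sample.py")
        sample.write_text('x = 1\nP = "%s"\n' % base64.b64encode(b"A" * 300).decode())
        print("sample hits:", find_b64_blobs(sample))
    version = installed_version()
    print("litellm", version, "-> affected" if is_affected(version) else "-> not listed")
    if version:
        for path, hits in scan_distribution().items():
            print(path, hits)
```

A hit is only a lead for manual review, since legitimate packages also embed base64 data.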
cpburns2009 22 hours ago
LiteLLM is now in quarantine on PyPI [1]. Looks like burning a recovery token was worth it.

[1]: https://pypi.org/project/litellm/

lightedman 19 hours ago
Write it yourself, fuzz/test it yourself, and build it yourself, or be forever subject to this exact issue.

This was taught in the 90s. Sad to see that lesson fading away.

te_chris 22 hours ago
I reviewed the LiteLLM source a while back. Without wanting to be mean, it was a mess. Steered well clear.
rnjs 21 hours ago
Terrible code quality and terrible docs
Aeroi 19 hours ago
What's up with the hundreds of bot replies on GitHub to this?
zahlman 13 hours ago
It seems to be a deliberate attempt to interfere with people discussing mitigations etc.
kstenerud 22 hours ago
We need real sandboxing. Out-of-process sandboxing, not in-process. The attacks are only going to get worse.

That's why I'm building https://github.com/kstenerud/yoloai

Imustaskforhelp 22 hours ago
Our modern economy/software industry truly runs on eggshells nowadays: engineers' accounts are getting hacked to create a supply-chain attack, all at the same time that threat actors are getting more advanced, partially due to the help of LLMs.

First Trivy (which got compromised twice), now LiteLLM.

johnhenry 21 hours ago
I've been developing an alternative to LiteLLM. JavaScript. No dependencies. https://github.com/johnhenry/ai.matey/
hmokiguess 21 hours ago
what's up with everyone in the issue thread thanking it, is this an irony trend or is that a flex on account takeover from teampcp? this feels wild
faxanalysis 19 hours ago
This is a secure bug impacting PyPI v1.82.7, v1.82.8. The idea of bracketing r-w-x mod package permissions for group id credential where litellm was installed.
Ayc0 16 hours ago
Exactly what I needed, thanks.