Heads up: LiteLLM, a very popular AI model wrapper, has been compromised. See the attached issue for details and recommended actions.

https://github.com/BerriAI/litellm/issues/24518

[Security]: litellm PyPI package compromised — full timeline and status · Issue #24518 · BerriAI/litellm

Summary: The litellm PyPI package was compromised by an attacker who gained access to the maintainer's PyPI account. Malicious versions were published that steal credentials and exfiltrate them to a...

No kidding, this package is in a lot more places than you might expect. PyPI has removed the package, but versions 1.82.7 and 1.82.8 are affected. Search for them in your environment now.
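
One way to run that search locally, added here as an example (not part of the thread and not LiteLLM project code). It walks a directory tree for installed `litellm` metadata and for requirements-style pins matching the two versions named above; the function names and the choice of files to inspect are assumptions of this example.

```python
import re
import sys
from email.parser import Parser
from pathlib import Path

AFFECTED = {"1.82.7", "1.82.8"}  # versions named in the post above

# "litellm==X" or "litellm[extra]==X" at the start of a requirements/freeze line
PIN_RE = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#\\]*)", re.I | re.M)


def _read(path):
    try:
        return path.read_text(errors="replace")
    except OSError:
        return ""  # unreadable file: skip rather than abort the scan


def installed_versions(root):
    """Yield (dist-info dir, version) for each litellm install under root."""
    for meta in Path(root).rglob("METADATA"):
        if not meta.parent.name.endswith(".dist-info"):
            continue
        headers = Parser().parsestr(_read(meta), headersonly=True)
        name = re.sub(r"[-_.]+", "-", headers.get("Name") or "").lower()
        if name == "litellm":
            yield meta.parent, (headers.get("Version") or "").strip()


def pinned_versions(text):
    """Return every version that a requirements-style text pins litellm to."""
    return PIN_RE.findall(text)


def scan(root):
    """Return sorted (kind, path, version) findings for affected versions."""
    hits = [("installed", str(p), v) for p, v in installed_versions(root) if v in AFFECTED]
    for req in Path(root).rglob("requirements*.txt"):
        hits += [("pinned", str(req), v) for v in pinned_versions(_read(req)) if v in AFFECTED]
    return sorted(hits)


if __name__ == "__main__":
    findings = [f for root in sys.argv[1:] or ["."] for f in scan(root)]
    for kind, path, version in findings:
        print(f"AFFECTED {kind} litellm {version}: {path}")
    sys.exit(1 if findings else 0)
```

Run it with one or more directories as arguments (virtualenvs, unpacked image layers, repository checkouts); it exits non-zero when an affected version is found.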
@mttaggart when you check your cluster and the container was on 1.82.6. That was a close one.
@varx @mttaggart official containers are thought to be unaffected (as of 16:03 UTC)