RE: https://social.lansky.name/@hn100/116284293739977347

this exploit sounds very nasty. Here's what I did to check my ubuntu machine (it was clean):

`find . -iname 'litellm'`

(from root as sudo). This was the easiest way to check the entire machine. But, first I id'd all installs via:

`find . -type d -iname 'site-packages' #show all python lib locales`

(so venvs, system pythons, brew installs, snap installs, and god knows what else are covered)

then a sanity check:
`find . -iname 'setuptools' #commonly installed so should validate the cli command will work`

And then the first (most general) find command above.

This showed, that I had a really old version of the lib (pre exploit) installed under ~/.local via sys python, so I removed it, because I'm not using it anyway.

Hope this helps...