Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised
127 by dot_treo | 302 comments on Hacker News.
About an hour ago new versions have been deployed to PyPI. I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM, it looked like a forkbomb was running. I've investigated, and found that a base64 encoded blob has been added to proxy_server.py. It writes and decodes another file which it then runs. I'm in the process of reporting this upstream, but wanted to give everyone here a headsup. It is also reported in this issue: https://ift.tt/KxPEtf6
No comments:
Post a Comment