1.82.7 is also impacted if I remember correctly. | Hacker News

Hacker News .hnnew | past | comments | ask | show | jobs | submit

		Imustaskforhelp 69 days ago \| parent \| context \| favorite \| on: Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are com... 1.82.7 is also impacted if I remember correctly.

GrayShade 69 days ago [–]

1.82.7 doesn't have litellm_init.pth in the archive. You can download them from pypi to check.

EDIT: no, it's compromised, see proxy/proxy_server.py.

cpburns2009 69 days ago | [–]

1.82.7 has the payload in `litellm/proxy/proxy_server.py` which executes on import.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact