From c1e8b4d670bb8e7e5b69fc4ce9527fb0215f5989 Mon Sep 17 00:00:00 2001 From: Ninjeeter Date: Tue, 24 Mar 2026 10:59:04 -0700 Subject: [PATCH 1/3] Added LiteLLM vulnerability warning. --- src/app/tutorials/litellm.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/app/tutorials/litellm.md b/src/app/tutorials/litellm.md index 9f25659b..58e4eb23 100644 --- a/src/app/tutorials/litellm.md +++ b/src/app/tutorials/litellm.md 
@@ -4,6 +4,26 @@ description: "Learn how to configure LiteLLM, Caido, and Shift to use models fro # Using LiteLLM with Shift +::: danger +**March 24, 202610:52 UTC** + +The `litellm==1.82.8` wheel package on PyPI contains a malicious `.pth` file (_`litellm_init.pth`, 34,628 bytes_) that automatically executes a credential-stealing script every time the Python interpreter starts — no `import litellm` required. + +Anyone who installed `litellm==1.82.8` via `pip` has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server. + +The recommended actions to take are: + +- PyPI: Yank/remove `litellm 1.82.8` immediately. +- Users: Check for `litellm_init.pth` in your site-packages/directory. +- Users: Rotate ALL credentials that were present as environment variables or in config files on any system where `litellm 1.82.8` was installed. +- BerriAI: Audit PyPI publishing credentials and CI/CD pipeline for compromise. + +View more details and updates: + +- [https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/](https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/) +- [https://github.com/BerriAI/litellm/issues/24512](https://github.com/BerriAI/litellm/issues/24512) +::: + [LiteLLM](https://docs.litellm.ai/) is an open-source proxy/gateway that provides a unified interface for accessing multiple LLM providers. In this tutorial, you will learn how to configure LiteLLM, Caido, and [Shift](/app/tutorials/shift.md) to use models from various providers that are not directly supported. From 1e0564eace73653d1eb1967d031b47c9d612a821 Mon Sep 17 00:00:00 2001 From: Ninjeeter Date: Tue, 24 Mar 2026 11:09:36 -0700 Subject: [PATCH 2/3] Removed recommended actions for PyPI and LiteLLM dev. --- src/app/tutorials/litellm.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/app/tutorials/litellm.md b/src/app/tutorials/litellm.md index 58e4eb23..f2f7588b 100644 
--- a/src/app/tutorials/litellm.md +++ b/src/app/tutorials/litellm.md @@ -13,10 +13,9 @@ Anyone who installed `litellm==1.82.8` via `pip` has had all environment variabl The recommended actions to take are: -- PyPI: Yank/remove `litellm 1.82.8` immediately. -- Users: Check for `litellm_init.pth` in your site-packages/directory. -- Users: Rotate ALL credentials that were present as environment variables or in config files on any system where `litellm 1.82.8` was installed. -- BerriAI: Audit PyPI publishing credentials and CI/CD pipeline for compromise. +- Remove/uninstall `litellm 1.82.8` immediately. +- Check for `litellm_init.pth` in your site-packages/directory. +- Rotate ALL credentials that were present as environment variables or in config files on any system where `litellm 1.82.8` was installed. View more details and updates: From 9c931ec63b45aa1bb1d7c7735ef4722dce426202 Mon Sep 17 00:00:00 2001 From: Ninjeeter Date: Tue, 24 Mar 2026 11:26:46 -0700 Subject: [PATCH 3/3] Added other affected version. --- src/app/tutorials/litellm.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/app/tutorials/litellm.md b/src/app/tutorials/litellm.md index f2f7588b..43375f84 100644 --- a/src/app/tutorials/litellm.md +++ b/src/app/tutorials/litellm.md 
@@ -5,15 +5,11 @@ description: "Learn how to configure LiteLLM, Caido, and Shift to use models fro # Using LiteLLM with Shift ::: danger -**March 24, 202610:52 UTC** - -The `litellm==1.82.8` wheel package on PyPI contains a malicious `.pth` file (_`litellm_init.pth`, 34,628 bytes_) that automatically executes a credential-stealing script every time the Python interpreter starts — no `import litellm` required. - -Anyone who installed `litellm==1.82.8` via `pip` has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server. +**On March 24, 2026 at 10:52 UTC versions v1.82.7 and v1.82.8 of the `litellm` package on PyPI were found to be compromised with credential-stealing malware.** The recommended actions to take are: -- Remove/uninstall `litellm 1.82.8` immediately. +- Remove/uninstall `litellm 1.82.7`/`litellm 1.82.8` immediately. - Check for `litellm_init.pth` in your site-packages/directory. - Rotate ALL credentials that were present as environment variables or in config files on any system where `litellm 1.82.8` was installed.
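Review bot: In PATCH 1/3, the bolded timestamp line `**March 24, 202610:52 UTC**` is missing a space between the year and the time; it should read `**March 24, 2026 10:52 UTC**`. In the same hunk, the bullet `- Users: Check for `litellm_init.pth` in your site-packages/directory.` has a stray slash; `site-packages directory` is meant. Both are visible in the added lines and will otherwise ship in the rendered callout.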
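Review bot: In PATCH 2/3, the rewritten bullet `+- Check for `litellm_init.pth` in your site-packages/directory.` carries the `site-packages/directory` slash typo over unchanged; since the line is being edited anyway, drop the slash. Narrowing the list to user-side actions (uninstall, check for the `.pth` file, rotate credentials) and dropping the PyPI and BerriAI items is the right scope for a tutorial page, and the third bullet's "Rotate ALL credentials" wording is consistent with the description retained above it.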
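Review bot: In PATCH 3/3, the new header line names both `v1.82.7` and `v1.82.8` as compromised, and the uninstall bullet is updated to `litellm 1.82.7`/`litellm 1.82.8`, but the rotation bullet still reads `- Rotate ALL credentials ... on any system where `litellm 1.82.8` was installed.` and should name both versions too, otherwise readers who only had 1.82.7 may skip rotation. Version notation is also mixed within the callout (`v1.82.7` in the header versus `litellm 1.82.7` in the bullets); pick one form. Separately, this hunk removes the sentence explaining that `litellm_init.pth` runs at interpreter start without `import litellm`, which is the reason the "Check for `litellm_init.pth`" bullet matters; consider keeping a one-line version of that explanation next to the bullet.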