5 hours ago
23
On Monday I posted that litellm 1.82.7 and 1.82.8 on PyPI contained credential-stealing malware (we were the first to disclose, and PyPI credited our report). To figure out how destructive the attack actually was, we pulled every package on PyPI that declares a dependency on litellm and checked their version specs against the compromised versions (using the specs that existed at the time of the attack, not after packages patched.)
Out of 2,337 dependent packages: 59% had lower-bound-only constraints, 16% had upper bounds that still included 1.82.x, and 12% had no constraint at all. Leaving only 12% that were safely pinned. Analysis: https://futuresearch.ai/blog/litellm-hack-were-you-one-of-the-47000/
47,000 downloads happened in the 46-minute window. 23,142 were pip installs of 1.82.8 (the version with the .pth payload that runs during pip install, before your code even starts.)
We built a free checker to look up whether a specific package was exposed: https://futuresearch.ai/tools/litellm-checker/
[link] [comments]
English (US) ·