SlowMist|3月 25, 2026 03:13
🚨 SlowMist TI Alert: LiteLLM Supply Chain Attack
The widely used LLM routing library #LiteLLM (~97M monthly downloads) was recently reported to be affected by a PyPI supply chain attack. A suspected malicious version (1.82.8) may lead to sensitive data exposure upon installation.
⚠️ Potential impact includes:
• SSH keys
• Cloud credentials (AWS / GCP / Azure)
• Kubernetes configs
• Git credentials & API keys
• Shell history, database passwords, crypto wallets, etc.
Notably, the risk may be triggered automatically via a .pth mechanism during Python startup, meaning no explicit function call is required in certain cases.
💥 Potentially affected scenarios:
• Direct installation of LiteLLM
• Projects depending on LiteLLM
• Indirect dependencies (e.g. AI tooling ecosystems)
• Shared environments or containers
🔍 Suggested check:
pip show litellm
If version = 1.82.8, further investigation is recommended.
There are reports suggesting possible large-scale data exposure and credential leakage, though the full scope is still being assessed.
🛑 Recommended actions:
• Remove or replace the affected version
• Rotate relevant credentials as a precaution
• Review logs, access records, and sensitive data usage
Stay vigilant!(SlowMist)
Share To
HotFlash
APP
X
Telegram
CopyLink