The Python AI gateway library LiteLLM, which has 97 million monthly downloads, has been compromised in a PyPI supply chain attack, according to 23pds, the Chief Information Security Officer at SlowMist. The compromise is triggered through the 'pip install litellm' command, enabling attackers to steal sensitive information from users' devices.
The compromised data includes SSH keys, cloud service credentials (AWS, GCP, Azure), Kubernetes configuration files, Git credentials, API keys from environment variables, shell history, cryptocurrency wallet information, and database passwords. Users are advised to exercise caution and verify the integrity of their installations.
LiteLLM Python Library Hit by PyPI Supply Chain Attack
