Tuesday, 24 March 2026

New top story on Hacker News: Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised

Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised
109 by dot_treo | 292 comments on Hacker News.
About an hour ago, new versions were deployed to PyPI. I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM; it looked like a forkbomb was running. I've investigated and found that a base64-encoded blob has been added to proxy_server.py. It writes and decodes another file, which it then runs. I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up. It is also reported in this issue: https://ift.tt/jyvVB5a
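
A check for the two releases named in the post, as an added example that is not part of the original post or of the litellm project. It assumes requirements.txt or `pip freeze` style pins; the function names and the 200-character blob threshold are hypothetical choices made for this illustration.

```python
import ast
import re
from importlib import metadata

# The two releases the post names as compromised.
COMPROMISED = {"1.82.7", "1.82.8"}
# requirements.txt / `pip freeze` style pin, with optional extras such as litellm[proxy].
PIN_RE = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#\\]*)", re.I)
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def flag_pins(lines):
    """Return (line_number, version) for every line pinning a compromised release."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = PIN_RE.match(line)
        if match and match.group(1) in COMPROMISED:
            hits.append((number, match.group(1)))
    return hits


def installed_is_compromised(dist="litellm"):
    """True or False for this environment, None when the package is not installed."""
    try:
        return metadata.version(dist) in COMPROMISED
    except metadata.PackageNotFoundError:
        return None


def long_base64_literals(source, min_len=200):
    """Return (line_number, length) of string literals that look like base64 blobs.

    min_len is an assumed triage threshold; hits need manual review.
    """
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            raw = node.value
            text = "".join((raw.decode("latin-1") if isinstance(raw, bytes) else raw).split())
            if len(text) >= min_len and len(text) % 4 == 0 and B64_RE.fullmatch(text):
                found.append((node.lineno, len(text)))
    return found


if __name__ == "__main__":
    # Constructed sample input, not taken from any real project.
    sample = ["requests==2.32.3", "litellm==1.82.6", "litellm[proxy]==1.82.8"]
    print("pinned:", flag_pins(sample))
    print("installed:", installed_is_compromised())
```

`long_base64_literals` parses the source text without importing or executing it, so it can be pointed at the contents of an installed proxy_server.py to triage the file the post describes.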
