
fix: pin liteLLM upper bound to 1.82.6 to mitigate supply chain attack#1649

Closed
gn00295120 wants to merge 1 commit into NVIDIA:main from gn00295120:fix/pin-litellm-safe-version

Conversation

@gn00295120
Contributor

Summary

Closes #1648

liteLLM versions 1.82.7 and 1.82.8 were compromised by the TeamPCP hacking group via a supply chain attack through a malicious Trivy dependency. The current constraint litellm>=1.68.1 allows pip to resolve and install these compromised versions.

What the malicious versions do

  • Steal credentials: SSH keys, AWS credentials, GCP service account keys, Kubernetes secrets, CI/CD tokens (GitHub, GitLab, Jenkins, etc.)
  • Exfiltrate crypto wallets: Bitcoin, Ethereum, Solana, and other wallet files
  • Persistence mechanism (v1.82.8): Installs a .pth file in site-packages that re-executes the payload on every Python startup, surviving package upgrades and reinstalls

Fix

This PR caps the liteLLM dependency at <=1.82.6 (the last known safe version) in both:

  • requirements.txt
  • pyproject.toml

The constraint is now litellm>=1.68.1,<=1.82.6, preventing pip from pulling the compromised versions while maintaining the existing lower bound.

Note: This upper bound should be relaxed once BerriAI publishes a verified safe release above 1.82.6.

References

liteLLM versions 1.82.7 and 1.82.8 were compromised via a supply chain
attack. Pin the upper bound to <=1.82.6 (last known safe version) in
both requirements.txt and pyproject.toml.

Closes NVIDIA#1648

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
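A CI-style guard that confirms the new constraint actually excludes the two compromised releases while still admitting the lower bound and the last safe version. This is an added example, not code from the PR or the NVIDIA project; it handles only plain dotted release numbers (no pre-release or local suffixes) and reads either requirements.txt lines or the quoted dependency entries of pyproject.toml.

```python
"""Check that a dependency constraint really excludes known-bad releases.
PEP 440 subset: dotted release numbers and >=, <=, >, <, ==, != only."""
import operator
import re

# Constructed sample values from the PR text: compromised vs. must-stay-installable.
BLOCKED = ("1.82.7", "1.82.8")
MUST_ALLOW = ("1.68.1", "1.82.6")
_REQ = re.compile(r"^([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*([<>=!~,.\s0-9]*)$")
_CLAUSE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9.]+)$")
_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "==": operator.eq, "!=": operator.ne}

def vtuple(version):
    """'1.82.6' -> (1, 82, 6); trailing zeros dropped so 1.82 == 1.82.0."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def satisfies(version, spec):
    """True if `version` meets every comma-separated clause of `spec`."""
    v = vtuple(version)
    for clause in (c.strip() for c in spec.split(",") if c.strip()):
        m = _CLAUSE.match(clause)
        if not m:  # e.g. ~= or a pre-release tag: refuse rather than guess
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](v, vtuple(m.group(2))):
            return False
    return True  # an empty spec admits every version

def find_constraint(text, package):
    """Specifier for `package` from requirements.txt lines or quoted pyproject entries."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().strip('",')
        m = _REQ.match(line)
        if m and m.group(1).lower() == package.lower():
            return m.group(2).strip()
    return None

def audit(text, package="litellm", blocked=BLOCKED, must_allow=MUST_ALLOW):
    """Return a list of problems; an empty list means the pin does its job."""
    spec = find_constraint(text, package)
    if spec is None:
        return [f"{package} is not constrained at all"]
    problems = [f"{package}{spec} still admits compromised {v}"
                for v in blocked if satisfies(v, spec)]
    problems += [f"{package}{spec} rejects expected-safe {v}"
                 for v in must_allow if not satisfies(v, spec)]
    return problems
```

Run `audit()` over both files in CI and fail the build on a non-empty result; note that it checks the declared constraint only, not whatever is already installed in an environment.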
Copilot AI review requested due to automatic review settings March 25, 2026 08:58

Copilot AI left a comment


Pull request overview

This PR mitigates a reported supply-chain compromise in litellm by preventing dependency resolution to the affected releases, aligning the project’s install dependencies with a known-safe upper bound.

Changes:

  • Cap litellm to <=1.82.6 (while preserving the existing >=1.68.1 lower bound) in requirements.txt.
  • Apply the same litellm upper bound in pyproject.toml project dependencies.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File              Description
requirements.txt  Adds an upper-bound constraint to prevent installing compromised litellm versions via pip -r.
pyproject.toml    Adds the same upper-bound constraint for package installs via PEP 621 dependencies.


gn00295120 closed this Mar 25, 2026