Created
March 24, 2026 16:15
-
-
Save pascalwhoop/c52e0e555a258df6605a162081907738 to your computer and use it in GitHub Desktop.
Check for compromised litellm versions (1.82.7, 1.82.8) — supply chain attack March 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # check-litellm-compromise.sh | |
| # Checks for compromised litellm versions (1.82.7, 1.82.8) in: | |
| # - uv cache | |
| # - all uv.lock files under a given path (default: $HOME) | |
| # | |
| # Usage: ./check-litellm-compromise.sh [search_path] | |
| # Or: curl -fsSL <gist_raw_url> | bash -s /your/path | |
| set -eo pipefail | |
| SEARCH_PATH="${1:-$HOME}" | |
| COMPROMISED_VERSIONS=("1.82.7" "1.82.8") | |
| FOUND=0 | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[1;33m' | |
| NC='\033[0m' | |
| echo "============================================" | |
| echo " LiteLLM Supply Chain Compromise Checker" | |
| echo " Checking for versions: ${COMPROMISED_VERSIONS[*]}" | |
| echo "============================================" | |
| echo "" | |
| # 1. Check for the malicious .pth file in Python site-packages | |
| echo "[1/3] Checking for litellm_init.pth in site-packages..." | |
| PTH_LOCATIONS=$(python3 -c "import site; print('\n'.join(site.getsitepackages()))" 2>/dev/null || true) | |
| PTH_FOUND=0 | |
| while IFS= read -r site_dir; do | |
| test -z "$site_dir" && continue | |
| if find "$site_dir" -name "litellm_init.pth" 2>/dev/null | grep -q .; then | |
| printf " ${RED}DANGER: litellm_init.pth found in %s -- rotate ALL credentials immediately${NC}\n" "$site_dir" | |
| PTH_FOUND=1 | |
| FOUND=1 | |
| fi | |
| done <<< "$PTH_LOCATIONS" | |
| test "$PTH_FOUND" -eq 0 && printf " ${GREEN}OK -- litellm_init.pth not found${NC}\n" | |
| echo "" | |
| # 2. Check uv cache | |
| echo "[2/3] Checking uv cache..." | |
| UV_CACHE_DIRS=("$HOME/.cache/uv" "$HOME/.local/share/uv/cache") | |
| if [ -n "${UV_CACHE_DIR:-}" ]; then | |
| UV_CACHE_DIRS=("$UV_CACHE_DIR") | |
| fi | |
| CACHE_FOUND=0 | |
| for cache_dir in "${UV_CACHE_DIRS[@]}"; do | |
| test -d "$cache_dir" || continue | |
| for version in "${COMPROMISED_VERSIONS[@]}"; do | |
| matches=$(find "$cache_dir" -name "litellm-${version}*" 2>/dev/null || true) | |
| if [ -n "$matches" ]; then | |
| printf " ${RED}FOUND in cache: %s${NC}\n" "$matches" | |
| printf " ${YELLOW}Run: uv cache clean litellm${NC}\n" | |
| CACHE_FOUND=1 | |
| FOUND=1 | |
| fi | |
| done | |
| done | |
| test "$CACHE_FOUND" -eq 0 && printf " ${GREEN}OK -- no compromised versions in uv cache${NC}\n" | |
| echo "" | |
| # 3. Check uv.lock files | |
| echo "[3/3] Scanning uv.lock files under $SEARCH_PATH ..." | |
| LOCK_FOUND=0 | |
| while IFS= read -r lockfile; do | |
| for version in "${COMPROMISED_VERSIONS[@]}"; do | |
| if grep -q "litellm-${version}" "$lockfile" 2>/dev/null; then | |
| printf " ${RED}FOUND litellm %s in: %s${NC}\n" "$version" "$lockfile" | |
| LOCK_FOUND=1 | |
| FOUND=1 | |
| fi | |
| done | |
| done < <(find "$SEARCH_PATH" -name "uv.lock" 2>/dev/null) | |
| test "$LOCK_FOUND" -eq 0 && printf " ${GREEN}OK -- no compromised versions in any uv.lock${NC}\n" | |
| echo "" | |
| echo "============================================" | |
| if [ "$FOUND" -eq 1 ]; then | |
| printf "${RED}RESULT: Compromised version(s) detected. See above.${NC}\n\n" | |
| echo "Remediation:" | |
| echo " 1. uv cache clean litellm" | |
| echo " 2. Rotate ALL credentials on this machine (SSH keys, cloud creds, API keys)" | |
| echo " 3. Pin litellm to <=1.82.6 until PyPI restores the package" | |
| exit 1 | |
| else | |
| printf "${GREEN}RESULT: No compromised litellm versions found.${NC}\n" | |
| exit 0 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment