← Back to context Comment by deep_noz 2 days ago good i was too lazy to bump versions 3 comments deep_noz Reply jadamson 2 days ago In case you missed it, according to the OP, the previous point release (1.82.7) is also compromised. dot_treo 2 days ago Yeah, that release has the base64 blob, but it didn't contain the pth file that auto triggers the malware on import. jadamson 2 days ago The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).The previous version triggers on `import litellm.proxy`Again, all according to the issue OP.[1] https://docs.python.org/3/library/site.html
jadamson 2 days ago In case you missed it, according to the OP, the previous point release (1.82.7) is also compromised. dot_treo 2 days ago Yeah, that release has the base64 blob, but it didn't contain the pth file that auto triggers the malware on import. jadamson 2 days ago The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).The previous version triggers on `import litellm.proxy`Again, all according to the issue OP.[1] https://docs.python.org/3/library/site.html
dot_treo 2 days ago Yeah, that release has the base64 blob, but it didn't contain the pth file that auto triggers the malware on import. jadamson 2 days ago The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).The previous version triggers on `import litellm.proxy`Again, all according to the issue OP.[1] https://docs.python.org/3/library/site.html
jadamson 2 days ago The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).The previous version triggers on `import litellm.proxy`Again, all according to the issue OP.[1] https://docs.python.org/3/library/site.html
In case you missed it, according to the OP, the previous point release (1.82.7) is also compromised.
Yeah, that release has the base64 blob, but it didn't contain the pth file that auto triggers the malware on import.
The latest version with the the pth file doesn't require an import to trigger the exploit (just having the package installed is enough thanks to [1]).
The previous version triggers on `import litellm.proxy`
Again, all according to the issue OP.
[1] https://docs.python.org/3/library/site.html