[outside2344]

Is it just in 1.82.8 or are previous versions impacted?

[Imustaskforhelp]

1.82.7 is also impacted if I remember correctly.

[GrayShade]

1.82.7 doesn't have litellm_init.pth in the archive. You can download them from pypi to check.

EDIT: no, it's compromised, see proxy/proxy_server.py.

[cpburns2009]

1.82.7 has the payload in `litellm/proxy/proxy_server.py` which executes on import.