Vulnerabilites related to berriai - berriai/litellm
cve-2024-5710
Vulnerability from cvelistv5
Published
2024-06-27 18:41
Modified
2024-08-01 21:18
Severity ?
EPSS score ?
Summary
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:1.34.34:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { status: "affected", version: "1.34.34", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5710", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T19:53:47.660595Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-27T19:54:54.734Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:18:07.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "1.34.34", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.</p>", }, ], value: "berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-01T09:25:45.571Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970", }, ], source: { advisory: "70897f59-a966-4d93-b71e-745e3da91970", discovery: "EXTERNAL", }, title: "Improper Access Control in Team Management in berriai/litellm", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5710", datePublished: "2024-06-27T18:41:19.900Z", dateReserved: "2024-06-06T18:20:46.162Z", dateUpdated: "2024-08-01T21:18:07.053Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5225
Vulnerability from cvelistv5
Published
2024-06-06 18:19
Modified
2024-08-01 21:03
Severity ?
EPSS score ?
Summary
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5225", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T20:15:02.304609Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T20:15:18.960Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.039Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:19:48.938Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c", }, ], source: { advisory: "491e4884-0306-4cd4-8fe2-9a19de33bf5c", discovery: "EXTERNAL", }, title: "SQL Injection in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5225", datePublished: "2024-06-06T18:19:48.938Z", dateReserved: "2024-05-22T19:56:38.696Z", dateUpdated: "2024-08-01T21:03:11.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5751
Vulnerability from cvelistv5
Published
2024-06-27 18:40
Modified
2024-08-01 21:18
Severity ?
EPSS score ?
Summary
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:1.35.8:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { status: "affected", version: "1.35.8", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5751", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T20:20:04.683432Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-02T19:00:11.936Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:18:07.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T18:40:49.896Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce", }, ], source: { advisory: "ae623c2f-b64b-4245-9ed4-f13a0a5824ce", discovery: "EXTERNAL", }, title: "Remote Code Execution in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5751", datePublished: "2024-06-27T18:40:49.896Z", dateReserved: "2024-06-07T16:33:15.277Z", dateUpdated: "2024-08-01T21:18:07.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6587
Vulnerability from cvelistv5
Published
2024-09-13 15:59
Modified
2024-09-13 16:53
Severity ?
EPSS score ?
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < 1.44.9 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { lessThan: "1.44.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-6587", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:52:13.638830Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:53:11.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThan: "1.44.9", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-13T15:59:53.557Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997", }, { url: "https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0", }, ], source: { advisory: "4001e1a2-7b7a-4776-a3ae-e6692ec3d997", discovery: "EXTERNAL", }, title: "SSRF in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6587", datePublished: "2024-09-13T15:59:53.557Z", dateReserved: "2024-07-08T21:33:48.001Z", dateUpdated: "2024-09-13T16:53:11.849Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8984
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-03-20 18:56
Severity ?
EPSS score ?
Summary
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8984", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:54:05.357409Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:56:31.542Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:09:19.131Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355", }, ], source: { advisory: "554fc76b-3097-4223-b4cf-110b853e9355", discovery: "EXTERNAL", }, title: "Denial of Service (DoS) in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-8984", datePublished: "2025-03-20T10:09:19.131Z", dateReserved: "2024-09-18T20:50:25.840Z", dateUpdated: "2025-03-20T18:56:31.542Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4264
Vulnerability from cvelistv5
Published
2024-05-18 00:00
Modified
2024-09-03 19:16
Severity ?
EPSS score ?
Summary
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T20:33:53.229Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4264", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T19:26:40.591440Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T19:16:28.184Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-18T00:00:15.222Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61", }, ], source: { advisory: "a3221b0c-6e25-4295-ab0f-042997e8fc61", discovery: "EXTERNAL", }, title: "Remote Code Execution in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-4264", datePublished: "2024-05-18T00:00:15.222Z", dateReserved: "2024-04-26T17:24:03.780Z", dateUpdated: "2024-09-03T19:16:28.184Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10188
Vulnerability from cvelistv5
Published
2025-03-20 10:10
Modified
2025-03-20 18:16
Severity ?
EPSS score ?
Summary
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < 1.53.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10188", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:50:45.877796Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:16:28.780Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThan: "1.53.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:10:48.124Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b", }, { url: "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c", }, ], source: { advisory: "96a32812-213c-4819-ba4e-36143d35e95b", discovery: "EXTERNAL", }, title: "Denial of Service in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-10188", datePublished: "2025-03-20T10:10:48.124Z", dateReserved: "2024-10-18T23:39:29.073Z", dateUpdated: "2025-03-20T18:16:28.780Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4888
Vulnerability from cvelistv5
Published
2024-06-06 18:31
Modified
2024-11-03 18:27
Severity ?
EPSS score ?
Summary
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:1.34.41:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { status: "affected", version: "1.34.41", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4888", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T19:29:54.576611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T19:34:20.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-03T18:27:22.574Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c", }, ], source: { advisory: "48461d89-cf13-4ad3-a43e-0d37da08fc6c", discovery: "EXTERNAL", }, title: "Arbitrary File Deletion in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-4888", datePublished: "2024-06-06T18:31:09.735Z", dateReserved: "2024-05-14T22:30:58.413Z", dateUpdated: "2024-11-03T18:27:22.574Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0330
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-03-20 18:37
Severity ?
EPSS score ?
Summary
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0330", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:53:38.502014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:37:28.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1230", description: "CWE-1230 Exposure of Sensitive Information Through Metadata", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:09:34.164Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a", }, ], source: { advisory: "661b388a-44d8-4ad5-862b-4dc5b80be30a", discovery: "EXTERNAL", }, title: "Exposure of Sensitive Information in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2025-0330", datePublished: "2025-03-20T10:09:34.164Z", dateReserved: "2025-01-08T16:33:46.865Z", dateUpdated: "2025-03-20T18:37:28.101Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6825
Vulnerability from cvelistv5
Published
2025-03-20 10:11
Modified
2025-03-20 13:43
Severity ?
EPSS score ?
Summary
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-6825", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T13:42:48.482640Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T13:43:00.744Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:11:36.172Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5", }, ], source: { advisory: "1d98bebb-6cf4-46c9-87c3-d3b1972973b5", discovery: "EXTERNAL", }, title: "Remote Code Execution in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6825", datePublished: "2025-03-20T10:11:36.172Z", dateReserved: "2024-07-16T23:27:36.399Z", dateUpdated: "2025-03-20T13:43:00.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9606
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-03-20 18:55
Severity ?
EPSS score ?
Summary
In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < 1.44.12 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9606", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:53:55.986774Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:55:27.073Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThan: "1.44.12", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-117", description: "CWE-117 Improper Output Neutralization for Logs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:09:24.180Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/4a03796f-a8d4-4293-84ef-d3959456223a", }, { url: "https://github.com/berriai/litellm/commit/9094071c4782183e84f10630e2450be3db55509a", }, ], source: { advisory: "4a03796f-a8d4-4293-84ef-d3959456223a", discovery: "EXTERNAL", }, title: "Improper Output Neutralization for Logs in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-9606", datePublished: "2025-03-20T10:09:24.180Z", dateReserved: "2024-10-07T21:32:43.479Z", dateUpdated: "2025-03-20T18:55:27.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2952
Vulnerability from cvelistv5
Published
2024-04-10 17:07
Modified
2024-08-01 19:32
Severity ?
EPSS score ?
Summary
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < 1.34.42 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { lessThan: "1.34.42", status: "affected", version: "1.23.2", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-2952", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T15:32:17.112100Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T16:51:12.428Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:32:42.587Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4", }, { tags: [ "x_transferred", ], url: "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThan: "1.34.42", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-76", description: "CWE-76 Improper Neutralization of Equivalent Special Elements", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T11:10:21.535Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4", }, { url: "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3", }, ], source: { advisory: "a9e0a164-6de0-43a4-a640-0cbfb54220a4", discovery: "EXTERNAL", }, title: "Server-Side Template Injection in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-2952", datePublished: "2024-04-10T17:07:52.935Z", dateReserved: "2024-03-26T18:00:46.844Z", dateUpdated: "2024-08-01T19:32:42.587Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4890
Vulnerability from cvelistv5
Published
2024-06-06 18:23
Modified
2024-08-01 20:55
Severity ?
EPSS score ?
Summary
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:1.27.14:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { status: "affected", version: "1.27.14", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4890", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T19:35:28.209404Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T19:36:25.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:23:49.593Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2", }, ], source: { advisory: "a4f6d357-5b44-4e00-9cac-f1cc351211d2", discovery: "EXTERNAL", }, title: "Blind SQL Injection in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-4890", datePublished: "2024-06-06T18:23:49.593Z", dateReserved: "2024-05-14T22:59:45.190Z", dateUpdated: "2024-08-01T20:55:10.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4889
Vulnerability from cvelistv5
Published
2024-06-06 17:53
Modified
2024-08-01 20:55
Severity ?
EPSS score ?
Summary
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:berriai:litellm:1.34.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "litellm", vendor: "berriai", versions: [ { status: "affected", version: "1.34.6", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4889", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-12T20:34:08.026659Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T20:34:14.108Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.313Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T17:53:35.202Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8", }, ], source: { advisory: "be3fda72-a65b-4993-9a0e-7e0f05db51f8", discovery: "EXTERNAL", }, title: "Code Injection in berriai/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-4889", datePublished: "2024-06-06T17:53:35.202Z", dateReserved: "2024-05-14T22:33:16.479Z", dateUpdated: "2024-08-01T20:55:10.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0628
Vulnerability from cvelistv5
Published
2025-03-20 10:10
Modified
2025-03-20 18:17
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| berriai | berriai/litellm |
Version: unspecified < v1.61.15-nightly |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0628", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:49:22.754243Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:17:09.855Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "berriai/litellm", vendor: "berriai", versions: [ { lessThan: "v1.61.15-nightly", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:10:45.400Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc", }, { url: "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b", }, ], source: { advisory: "6c0e2f75-2d03-42f9-9530-e16a973317fc", discovery: "EXTERNAL", }, title: "Improper Authorization in BerriAI/litellm", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2025-0628", datePublished: "2025-03-20T10:10:45.400Z", dateReserved: "2025-01-21T19:10:36.300Z", dateUpdated: "2025-03-20T18:17:09.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }