
4 matches found

OSV
added 3 days ago · 5 views

PYSEC-2026-389 litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

CVSS 9.8 · AI score 7.6 · EPSS 0.00875
Exploits 0 · References 7

OSV
added 2024/06/27 9:32 p.m. · 8 views

GHSA-GPPG-GQW8-WH9G litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

CVSS 9.8 · AI score 7.4 · EPSS 0.00875
Exploits 0 · References 5

Positive Technologies
added 2024/06/27 12:0 a.m. · 6 views

PT-2024-37119

Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version v1.35.8
Description: The issue allows an attacker to achieve remote code execution. It exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ...

CVSS 9.8 · AI score 7.6 · EPSS 0.00875
Exploits 0 · References 11

Positive Technologies
added 2024/06/06 12:0 a.m. · 8 views

PT-2024-33256 · Google · Google Kms

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6
Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...

CVSS 7.2 · AI score 7.6 · EPSS 0.00859
Exploits 1 · References 5