4 matches found
PYSEC-2026-389 litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...
GHSA-GPPG-GQW8-WH9G litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...
PT-2024-37119
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version v1.35.8 Description: The issue allows an attacker to achieve remote code execution. It exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ...
PT-2024-33256 · Google · Google Kms
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6 Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...