407 matches found
LiteLLM SQL Injection Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM 1.40.4 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to cause unauthorized access, data manipulation, disclosure of confidential informati...
Code Injection
litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...
aiconsole (>=0.2.0 <=0.2.13), aider-chat (>=0.29.0 <=0.31.1) +48 more potentially affected by CVE-2024-4888 via litellm (>=0.1.400 <=1.35.35)
litellm PYPI version =0.1.400, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.1.18 and more Source cves: CVE-2024-4888 Source advisory: OSV:GHSA-3XR8-QFVJ-9P9J...
aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4890 via litellm (>=0.1.400 <=1.26.13)
litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4890 Source advisory: OSV:GHSA-8J42-PCFM-3467...
GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
agentic-devops (>=0.0.5 <=0.0.9), ai-agents (>=0.0.4 <=0.0.52) +62 more potentially affected by CVE-2024-5225 via litellm (>=0.1.400 <=1.38.8)
litellm PYPI version =0.1.400, =0.0.5, =0.0.4, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =0.1.0, =0.1.17 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...
GHSA-H6M6-JJ8V-94JJ SQL injection in litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
GHSA-8J42-PCFM-3467 SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
SQL injection in litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
Arbitrary file deletion in litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-5225
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4890 Blind SQL Injection in berriai/litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-4890
The CVE-2024-4890 entry applies to the berriai/litellm project. A blind SQL injection exists in the /team/update flow due to improper handling of the user_id parameter in the raw SQL used to delete users, with affected version 1.27.14. Exploitation could yield unauthorized access to sensitive dat...
CVE-2024-4890 Blind SQL Injection in berriai/litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-4890 Blind SQL Injection in berriai/litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-5225 SQL Injection in berriai/litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...