Lucene search
K

407 matches found

CNVD
CNVD
added 2024/06/13 12:0 a.m.5 views

LiteLLM SQL Injection Vulnerability

LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM 1.40.4 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to cause unauthorized access, data manipulation, disclosure of confidential informati...

7.2CVSS7.4AI score0.00429EPSS
Exploits1References1
Veracode
Veracode
added 2024/06/12 5:14 a.m.12 views

Code Injection

litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...

7.2CVSS7.8AI score0.00859EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2024/06/06 9:30 p.m.4 views

aiconsole (>=0.2.0 <=0.2.13), aider-chat (>=0.29.0 <=0.31.1) +48 more potentially affected by CVE-2024-4888 via litellm (>=0.1.400 <=1.35.35)

litellm PYPI version =0.1.400, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.1.18 and more Source cves: CVE-2024-4888 Source advisory: OSV:GHSA-3XR8-QFVJ-9P9J...

8.1CVSS6.7AI score0.00614EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/06/06 9:30 p.m.5 views

aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4890 via litellm (>=0.1.400 <=1.26.13)

litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4890 Source advisory: OSV:GHSA-8J42-PCFM-3467...

4.9CVSS5.5AI score0.0056EPSS
Exploits1
OSV
OSV
added 2024/06/06 9:30 p.m.3 views

GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

7CVSS6.9AI score0.00614EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/06/06 9:30 p.m.4 views

agentic-devops (>=0.0.5 <=0.0.9), ai-agents (>=0.0.4 <=0.0.52) +62 more potentially affected by CVE-2024-5225 via litellm (>=0.1.400 <=1.38.8)

litellm PYPI version =0.1.400, =0.0.5, =0.0.4, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =0.1.0, =0.1.17 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...

7.2CVSS6.7AI score0.00429EPSS
Exploits1
OSV
OSV
added 2024/06/06 9:30 p.m.11 views

GHSA-H6M6-JJ8V-94JJ SQL injection in litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

6.4CVSS6.8AI score0.00429EPSS
Exploits1References5
OSV
OSV
added 2024/06/06 9:30 p.m.10 views

GHSA-8J42-PCFM-3467 SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.4AI score0.0056EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.38 views

SQL injection in litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

7.2CVSS6.7AI score0.00429EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.32 views

SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.5AI score0.0056EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.22 views

Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

8.1CVSS6.6AI score0.00614EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/06/06 7:16 p.m.39 views

CVE-2024-5225

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

7.2CVSS0.00429EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 7:16 p.m.22 views

CVE-2024-4890

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/06 6:31 p.m.16 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

6.5CVSS7.3AI score0.00614EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/06 6:31 p.m.38 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

6.5CVSS0.00614EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/06 6:23 p.m.17 views

CVE-2024-4890 Blind SQL Injection in berriai/litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS7.3AI score0.0056EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 6:23 p.m.93 views

CVE-2024-4890

The CVE-2024-4890 entry applies to the berriai/litellm project. A blind SQL injection exists in the /team/update flow due to improper handling of the user_id parameter in the raw SQL used to delete users, with affected version 1.27.14. Exploitation could yield unauthorized access to sensitive dat...

4.9CVSS5.4AI score0.0056EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/06/06 6:23 p.m.7 views

CVE-2024-4890 Blind SQL Injection in berriai/litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS6AI score0.0056EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/06 6:23 p.m.27 views

CVE-2024-4890 Blind SQL Injection in berriai/litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/06 6:19 p.m.15 views

CVE-2024-5225 SQL Injection in berriai/litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

6.4CVSS7.9AI score0.00429EPSS
Exploits1References1
Rows per page
Query Builder