416 matches found
litellm passes untrusted data to `eval` function without sanitization
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4264 via litellm (>=0.1.400 <=1.27.8)
litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4264 Source advisory: OSV:GHSA-7GGM-4RJG-594W...
GHSA-7GGM-4RJG-594W litellm passes untrusted data to `eval` function without sanitization
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-4264
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-4264 Remote Code Execution in berriai/litellm
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-4264 Remote Code Execution in berriai/litellm
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
LiteLLM 代码注入漏洞
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from a code injection vulnerability that stems from improper control over code generation, leading to a remote code execution RCE vulnerability...
PT-2024-30090
Name of the Vulnerable Software and Affected Versions berriai/litellm affected versions not specified Description A remote code execution issue exists due to improper control of code generation when using the eval function unsafely in the litellm.get secret method. Specifically, when the server...
GHSA-46CM-PFWV-CGF8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
CVE-2024-2952
CVE-2024-2952 affects BerriAI/litellm. The vulnerability is an SSTI in the /completions endpoint: the hf_chat_template method processes the chat_template parameter from tokenizer_config.json using the Jinja template engine without proper sanitization, enabling attackers to craft malicious tokeniz...
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
LiteLLM 安全漏洞
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM has a security vulnerability that stems from the lack of proper cleanup of file parameters and is susceptible to server-side template injection SSTI attacks...
PT-2024-22934
Name of the Vulnerable Software and Affected Versions BerriAI/litellm affected versions not specified Description The issue arises from the hf chat template method processing the chat template parameter from the tokenizer config.json file through the Jinja template engine without proper...