Lucene search
K

416 matches found

Github Security Blog
Github Security Blog
added 2024/05/18 12:30 a.m.30 views

litellm passes untrusted data to `eval` function without sanitization

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

9.8CVSS8.1AI score0.00876EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2024/05/18 12:30 a.m.6 views

aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4264 via litellm (>=0.1.400 <=1.27.8)

litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4264 Source advisory: OSV:GHSA-7GGM-4RJG-594W...

9.8CVSS7.7AI score0.00876EPSS
Exploits0
OSV
OSV
added 2024/05/18 12:30 a.m.18 views

GHSA-7GGM-4RJG-594W litellm passes untrusted data to `eval` function without sanitization

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

7.2CVSS9.8AI score0.00876EPSS
Exploits0References8
NVD
NVD
added 2024/05/18 12:15 a.m.30 views

CVE-2024-4264

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

9.8CVSS9.8AI score0.00876EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/18 12:0 a.m.20 views

CVE-2024-4264 Remote Code Execution in berriai/litellm

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

9.8CVSS8.1AI score0.00876EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/18 12:0 a.m.37 views

CVE-2024-4264 Remote Code Execution in berriai/litellm

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

9.8CVSS9.8AI score0.00876EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.5 views

LiteLLM 代码注入漏洞

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from a code injection vulnerability that stems from improper control over code generation, leading to a remote code execution RCE vulnerability...

9.8CVSS9.7AI score0.00876EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/18 12:0 a.m.6 views

PT-2024-30090

Name of the Vulnerable Software and Affected Versions berriai/litellm affected versions not specified Description A remote code execution issue exists due to improper control of code generation when using the eval function unsafely in the litellm.get secret method. Specifically, when the server...

9.8CVSS7.8AI score0.00876EPSS
Exploits0References15
OSV
OSV
added 2024/04/10 6:30 p.m.56 views

GHSA-46CM-PFWV-CGF8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS9.8AI score0.01256EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2024/04/10 6:30 p.m.40 views

LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.9AI score0.01256EPSS
Exploits1References10Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.15 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.8AI score0.01256EPSS
Exploits1References2
CVE
CVE
added 2024/04/10 5:7 p.m.127 views

CVE-2024-2952

CVE-2024-2952 affects BerriAI/litellm. The vulnerability is an SSTI in the /completions endpoint: the hf_chat_template method processes the chat_template parameter from tokenizer_config.json using the Jinja template engine without proper sanitization, enabling attackers to craft malicious tokeniz...

9.8CVSS9.8AI score0.01256EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.26 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS10AI score0.01256EPSS
Exploits1References2
OSV
OSV
added 2024/04/10 5:7 p.m.13 views

CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.5AI score0.01256EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

LiteLLM 安全漏洞

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM has a security vulnerability that stems from the lack of proper cleanup of file parameters and is susceptible to server-side template injection SSTI attacks...

9.8CVSS9.4AI score0.01256EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.6 views

PT-2024-22934

Name of the Vulnerable Software and Affected Versions BerriAI/litellm affected versions not specified Description The issue arises from the hf chat template method processing the chat template parameter from the tokenizer config.json file through the Jinja template engine without proper...

9.8CVSS7.7AI score0.01256EPSS
Exploits1References17
Rows per page
Query Builder