5 matches found
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...
Envoy 代码问题漏洞
Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy, which stems from the OAuth2 filter omitting the Secure attribute when deleting session cookies with the Secure-/Host- prefix, resulting in the browser rejecting the delet...
Envoy 安全漏洞
Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy version 1.32.0, which stems from a vulnerability that allows an attacker to inject unexpected content into the access log by exploiting insufficient validation of the...
Envoy 安全漏洞
Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in versions prior to Envoy 1.32.0 that stems from allowing an external client to manipulate the Envoy header, which can lead to unauthorized access or other malicious operations with...
编号撤回
Envoy is an Enphase open source gateway program for connecting smart home devices. This CVE number has been withdrawn...