5 matches found
Arbitrary Command Injection
Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Arbitrary Command Injection through the postcallrules configuration. An attacker can execute arbitrary commands by setting a system method, such as os.system, as a callback...
CVE-2024-6825 Remote Code Execution in BerriAI/litellm
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
LiteLLM Command Injection Vulnerability
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A command injection vulnerability exists in LiteLLM version 1.40.12, which stems from mishandling of the postcallrules configuration and could lead to remote code execution...
PT-2025-12165 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version 1.40.12. Description: The issue exists in the handling of the post call rules configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the...
Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities
Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities. Date: 2012-09-10. References: http://www.vulnerability-lab.com/getcontent.php?id=700. VL-ID: 700. Common Vulnerability Scoring System: 4.1. Introduction: ...