4 matches found
CVE-2024-10188
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service DoS by exploiting the use of ast.literaleval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +146 more potentially affected by CVE-2024-10188 via litellm (>=0.1.400 <=1.53.1)
litellm PYPI version =0.1.400, =0.0.1, =0.8.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =1.1.1 - aigrok =0.2.1 - aijson-ml =0.1.1 and more Source cves: CVE-2024-10188 Source advisory: OSV:GHSA-GW2Q-QW9J-RGV7...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +122 more potentially affected by CVE-2024-10188 via litellm (>=1.0.0 <=1.52.8)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.1.5, =1.1.1 - aigrok =0.2.1 - aijson-ml =0.1.1 and more Source cves: CVE-2024-10188 Source advisory: SNYK:PYTHON-LITELLM-9511216...
CVE-2024-10188
Summary of CVE-2024-10188 (Litellm) Affected: BerriAI/litellm project (Litellm library) as of commit 26c03c9.Root cause: insecure parsing of user input via ast.literal_eval, which is not safe for untrusted input.Impact: unauthenticated users can trigger a Denial of Service (DoS) that may crash th...