3 matches found
CVE-2024-4888
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
aiconsole (>=0.2.0 <=0.2.13), aider-chat (>=0.29.0 <=0.31.1) +48 more potentially affected by CVE-2024-4888 via litellm (>=0.1.400 <=1.35.35)
litellm PYPI version =0.1.400, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.1.18 and more Source cves: CVE-2024-4888 Source advisory: OSV:GHSA-3XR8-QFVJ-9P9J...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...