Lucene search
K

416 matches found

Veracode
Veracode
added 2025/03/28 2:34 a.m.4 views

Remote Code Execution (RCE)

litellm is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the 'postcallrules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...

8.8CVSS8AI score0.01463EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2025/03/27 12:0 a.m.8 views

LiteLLM Resource Management Error Vulnerability

LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from an insecure parsing of user input in ast.literaleval, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.9AI score0.00526EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/26 4:6 a.m.9 views

Denial Of Service (DoS)

litellm is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of multipart boundaries, allowing an attacker to append characters in HTTP requests, leading to excessive resource consumption and service unavailability...

7.5CVSS7AI score0.00792EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/26 12:38 a.m.14 views

Improper API Key Masking

LiteLLM is vulnerable to improper API key masking. The vulnerability is due to insufficient key redaction in the file litellmlogging.py, allowing an attacker to extract most of the API key and potentially gain unauthorized access to related systems or services...

7.5CVSS7.2AI score0.00708EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 12:6 p.m.8 views

CVE-2024-10188

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service DoS by exploiting the use of ast.literaleval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

7.5CVSS6.8AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:55 a.m.11 views

CVE-2024-9606

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5CVSS7AI score0.00708EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:44 a.m.7 views

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

8.8CVSS8AI score0.01463EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:26 a.m.10 views

CVE-2024-8984

A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...

7.5CVSS6.8AI score0.00792EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 7:42 p.m.6 views

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +198 more potentially affected by CVE-2025-0330 via litellm (>=1.0.0 <=1.65.4.post1)

litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.62.9 and more Source cves: CVE-2025-0330 Source advisory: SNYK:PYTHON-LITELLM-9511161...

7.5CVSS7AI score0.00523EPSS
Exploits1
Snyk
Snyk
added 2025/03/20 7:42 p.m.3 views

Exposure of Sensitive Information Through Metadata

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata due to an issue in proxyserver.py. An attacker can obtain sensitive information, including API keys, by triggering error...

8.7CVSS6.8AI score0.00523EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/03/20 6:43 p.m.5 views

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +171 more potentially affected by CVE-2025-0628 via litellm (>=1.0.0 <=1.60.8)

litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.1.5, =1.1.1 and more Source cves: CVE-2025-0628 Source advisory: SNYK:PYTHON-LITELLM-9511164...

8.1CVSS7.2AI score0.00315EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +194 more potentially affected by CVE-2025-0628 via litellm (>=0.1.400 <=1.60.8)

litellm PYPI version =0.1.400, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =1.1.1 and more Source cves: CVE-2025-0628 Source advisory: OSV:GHSA-FJCF-3J3R-78RP...

8.1CVSS7.4AI score0.00315EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.5 views

01os (>=0.0.1 <=0.0.13), agenta (>=0.14.1a0 <=0.14.7a1) +140 more potentially affected by CVE-2025-0330 via litellm (>=0.1.400 <=1.52.1)

litellm PYPI version =0.1.400, =0.0.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.5.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =6.0.0, =6.0.1 - aios-core =0.1.0 and more Source cves: CVE-2025-0330 Source advisory: OSV:GHSA-879V-FGGM-VXW2...

7.5CVSS7AI score0.00523EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.16 views

LiteLLM Has an Improper Authorization Vulnerability

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS7AI score0.00315EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.44 views

LiteLLM Has a Leakage of Langfuse API Keys

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

7.5CVSS6.7AI score0.00523EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.5 views

01os (>=0.0.1 <=0.0.13), agenta (>=0.14.1a0 <=0.14.7a1) +101 more potentially affected by CVE-2024-9606 via litellm (>=0.1.400 <=1.43.9)

litellm PYPI version =0.1.400, =0.0.1, =0.14.1a0, =0.0.5, =0.0.4, =1.0.3, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.1.0, =0.0.1, =0.1.10 - bbook-maker =0.5.1 and more Source cves: CVE-2024-9606 Source advisory: OSV:GHSA-G5PG-73FC-HJWQ...

7.5CVSS7AI score0.00708EPSS
Exploits1
OSV
OSV
added 2025/03/20 12:32 p.m.11 views

GHSA-G5PG-73FC-HJWQ LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5CVSS7.3AI score0.00708EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.18 views

LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5CVSS7AI score0.00708EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +167 more potentially affected by CVE-2024-8984 via litellm (>=0.1.400 <=1.56.10)

litellm PYPI version =0.1.400, =0.0.1, =0.8.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =1.1.1 - aigrok =0.2.1 - aijson-ml =0.1.1 and more Source cves: CVE-2024-8984 Source advisory: OSV:GHSA-FH2C-86XM-PM2X...

7.5CVSS7.1AI score0.00792EPSS
Exploits1
OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-FH2C-86XM-PM2X LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...

7.5CVSS7AI score0.00792EPSS
Exploits1References5
Rows per page
Query Builder