Lucene search
K

411 matches found

ptsecurity
ptsecurity
added 2024/06/27 12:0 a.m.12 views

PT-2024-37087

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.34 Description: The issue is related to improper access control in the team management functionality, allowing attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and...

6.5CVSS6.1AI score0.00406EPSS
Exploits1References12
ptsecurity
ptsecurity
added 2024/06/27 12:0 a.m.8 views

PT-2024-37119

Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version v1.35.8 Description: The issue allows an attacker to achieve remote code execution. It exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ...

9.8CVSS7.6AI score0.00875EPSS
Exploits0References11
cnnvd
cnnvd
added 2024/06/27 12:0 a.m.6 views

LiteLLM Access Control Error Vulnerability

LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. An Access Control Error vulnerability exists in LiteLLM version 1.34.34, which stems from an improper access control issue in the Team Management feature that allows an attacker to...

6.5CVSS6.9AI score0.00406EPSS
Exploits1References2
cnnvd
cnnvd
added 2024/06/27 12:0 a.m.7 views

LiteLLM Code Injection Vulnerability

LiteLLM is a LiteLLM open source application. All LLM APIs can be called using the OpenAI format. A code injection vulnerability exists in LiteLLM v1.35.8, which stems from the fact that the adddeployment function assigns base64 decoding and decryption environment variables to os.environ, which c...

9.8CVSS7.6AI score0.00875EPSS
Exploits0References2
cnvd
cnvd
added 2024/06/13 12:0 a.m.5 views

LiteLLM SQL Injection Vulnerability

LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM 1.40.4 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to cause unauthorized access, data manipulation, disclosure of confidential informati...

7.2CVSS7.4AI score0.00429EPSS
Exploits1References1
veracode
veracode
added 2024/06/12 5:14 a.m.13 views

Code Injection

litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...

7.2CVSS7.8AI score0.00859EPSS
Exploits1References1Affected Software1
vulnersosv
vulnersosv
added 2024/06/06 9:30 p.m.4 views

aiconsole (>=0.2.0 <=0.2.13), aider-chat (>=0.29.0 <=0.31.1) +48 more potentially affected by CVE-2024-4888 via litellm (>=0.1.400 <=1.35.35)

litellm PYPI version =0.1.400, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.1.18 and more Source cves: CVE-2024-4888 Source advisory: OSV:GHSA-3XR8-QFVJ-9P9J...

8.1CVSS6.7AI score0.00614EPSS
Exploits1
osv
osv
added 2024/06/06 9:30 p.m.14 views

GHSA-8J42-PCFM-3467 SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.4AI score0.0056EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2024/06/06 9:30 p.m.5 views

aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4890 via litellm (>=0.1.400 <=1.26.13)

litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4890 Source advisory: OSV:GHSA-8J42-PCFM-3467...

4.9CVSS5.5AI score0.0056EPSS
Exploits1
vulnersosv
vulnersosv
added 2024/06/06 9:30 p.m.5 views

agentic-devops (>=0.0.5 <=0.0.9), ai-agents (>=0.0.4 <=0.0.52) +62 more potentially affected by CVE-2024-5225 via litellm (>=0.1.400 <=1.38.8)

litellm PYPI version =0.1.400, =0.0.5, =0.0.4, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =0.1.0, =0.1.17 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...

7.2CVSS6.7AI score0.00429EPSS
Exploits1
osv
osv
added 2024/06/06 9:30 p.m.12 views

GHSA-H6M6-JJ8V-94JJ SQL injection in litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

6.4CVSS6.8AI score0.00429EPSS
Exploits1References5
osv
osv
added 2024/06/06 9:30 p.m.37 views

GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

7CVSS6.9AI score0.00614EPSS
Exploits1References4
github
github
added 2024/06/06 9:30 p.m.38 views

SQL injection in litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

7.2CVSS6.7AI score0.00429EPSS
Exploits1References5Affected Software1
github
github
added 2024/06/06 9:30 p.m.33 views

SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.5AI score0.0056EPSS
Exploits1References4Affected Software1
github
github
added 2024/06/06 9:30 p.m.23 views

Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

8.1CVSS6.6AI score0.00614EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2024/06/06 7:16 p.m.39 views

CVE-2024-5225

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

7.2CVSS0.00429EPSS
Exploits1References1
nvd
nvd
added 2024/06/06 7:16 p.m.23 views

CVE-2024-4890

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS0.0056EPSS
Exploits1References1
cvelist
cvelist
added 2024/06/06 6:31 p.m.38 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

6.5CVSS0.00614EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/06/06 6:31 p.m.16 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

6.5CVSS7.3AI score0.00614EPSS
Exploits1References1
osv
osv
added 2024/06/06 6:23 p.m.7 views

CVE-2024-4890 Blind SQL Injection in berriai/litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS6AI score0.0056EPSS
Exploits1References3
Rows per page
Query Builder