411 matches found
PT-2024-37087
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.34 Description: The issue is related to improper access control in the team management functionality, allowing attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and...
PT-2024-37119
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version v1.35.8 Description: The issue allows an attacker to achieve remote code execution. It exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ...
LiteLLM Access Control Error Vulnerability
LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. An Access Control Error vulnerability exists in LiteLLM version 1.34.34, which stems from an improper access control issue in the Team Management feature that allows an attacker to...
LiteLLM Code Injection Vulnerability
LiteLLM is a LiteLLM open source application. All LLM APIs can be called using the OpenAI format. A code injection vulnerability exists in LiteLLM v1.35.8, which stems from the fact that the adddeployment function assigns base64 decoding and decryption environment variables to os.environ, which c...
LiteLLM SQL Injection Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM 1.40.4 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to cause unauthorized access, data manipulation, disclosure of confidential informati...
Code Injection
litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...
aiconsole (>=0.2.0 <=0.2.13), aider-chat (>=0.29.0 <=0.31.1) +48 more potentially affected by CVE-2024-4888 via litellm (>=0.1.400 <=1.35.35)
litellm PYPI version =0.1.400, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.1.18 and more Source cves: CVE-2024-4888 Source advisory: OSV:GHSA-3XR8-QFVJ-9P9J...
GHSA-8J42-PCFM-3467 SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4890 via litellm (>=0.1.400 <=1.26.13)
litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4890 Source advisory: OSV:GHSA-8J42-PCFM-3467...
agentic-devops (>=0.0.5 <=0.0.9), ai-agents (>=0.0.4 <=0.0.52) +62 more potentially affected by CVE-2024-5225 via litellm (>=0.1.400 <=1.38.8)
litellm PYPI version =0.1.400, =0.0.5, =0.0.4, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =0.1.0, =0.1.17 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...
GHSA-H6M6-JJ8V-94JJ SQL injection in litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
SQL injection in litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
Arbitrary file deletion in litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-5225
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4890 Blind SQL Injection in berriai/litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...