11 matches found
PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection
Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...
User Impersonation
Overview litellm-proxy-extras is an Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to...
GHSA-4XPC-PV4P-PM3W LiteLLM: Authentication Bypass via Host Header Injection
Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...
PT-2026-50152
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description A Host-header parsing flaw in the LiteLLM proxy allows unauthenticated access to protected management routes. The authentication layer derives the effective route from request.url.path in the get...
HTTP Request Smuggling
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to HTTP Request Smuggling through the QuerystringParser function. An attacker can bypass upstream validation and inject or override form fields by crafting specially formatted...
PT-2026-49570
Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The QuerystringParser treated the semicolon ; as a field separator in application/x-www-form-urlencoded bodies, in addition to the ampersand &. This deviates from the WHATWG URL standard,...
EUVD-2025-209280
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...
CVE-2025-71058
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...
CVE-2026-26961
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...
CVE-2026-26961
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...
PT-2021-6606 · Hashicorp +2 · Hashicorp Consul +3
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.3.0 through 1.10.0 Description: The issue is related to the absence of validation of the destination service identity in the encoded subject alternative name in the Envoy proxy TLS...