CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6587 – SSRF in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-6587
13 Sep 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key. • https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42679
https://notcve.org/view.php?id=CVE-2024-42679
15 Aug 2024 — SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. • https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5710 – Improper Access Control in Team Management in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-5710
27 Jun 2024 — berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization. • https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5751 – Remote Code Execution in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-5751
27 Jun 2024 — BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database ... • https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4888 – Arbitrary File Deletion in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-4888
06 Jun 2024 — BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the... • https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4890 – Blind SQL Injection in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-4890
06 Jun 2024 — A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affec... • https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4889 – Code Injection in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-4889
06 Jun 2024 — A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute a... • https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4264 – Remote Code Execution in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-4264
18 May 2024 — A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings ... • https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2952 – Server-Side Template Injection in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-2952
10 Apr 2024 — BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server. BerriAI/litellm es vulnerable a Server-Side Template Injection (SSTI) a través del e... • https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3 • CWE-76: Improper Neutralization of Equivalent Special Elements •