CVE-2024-10188
Published 2025-03-20
Priority: P3 | 39 | high | 7.5 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.53% (40.5th percentile)
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
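One way to avoid this class of crash when parsing request-supplied data, as an added example (not litellm's code and not necessarily how the project fixed it): parse with json.loads behind size and nesting limits instead of ast.literal_eval. It assumes the input can be expressed as JSON; the names parse_untrusted, nesting_depth, RejectedInput and both limits are hypothetical.

```python
import json

MAX_CHARS = 64 * 1024  # assumed cap on input length, tune per endpoint
MAX_DEPTH = 32         # assumed cap on bracket nesting


class RejectedInput(ValueError):
    """Raised when untrusted input is refused before or during parsing."""


def nesting_depth(text: str) -> int:
    """Deepest [ / { nesting in text, ignoring brackets inside JSON strings."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def parse_untrusted(text: str, max_chars: int = MAX_CHARS,
                    max_depth: int = MAX_DEPTH):
    """Parse request-supplied data as JSON, refusing oversized or deep input."""
    # Cheap linear checks run first, so the recursive parser never sees
    # input large or deep enough to exhaust the stack or memory.
    if len(text) > max_chars:
        raise RejectedInput("input too large")
    if nesting_depth(text) > max_depth:
        raise RejectedInput("input nested too deeply")
    try:
        return json.loads(text)
    except (ValueError, RecursionError) as exc:
        # Turn parser failures into a normal error the handler can return as 4xx.
        raise RejectedInput(f"not valid JSON: {exc}") from exc
```

A request handler would catch RejectedInput and answer with a client error rather than letting the exception, or the interpreter, take the worker down.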
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| berriai | berriai_litellm | >= unspecified < 1.53.1 | 1.53.1 |
| litellm | litellm | >= 0 < 1.53.1.dev1 | 1.53.1.dev1 |
GHSA
LiteLLM Vulnerable to Denial of Service (DoS)
ghsa·2025-03-20
CVE-2024-10188 [HIGH] CWE-400 LiteLLM Vulnerable to Denial of Service (DoS)
OSV
LiteLLM Vulnerable to Denial of Service (DoS)
osv·2025-03-20
CVE-2024-10188 [HIGH] LiteLLM Vulnerable to Denial of Service (DoS)
Suricata
GPL WEB_SERVER printenv access
suricata·2010-09-23
CVE-2000-0868 GPL WEB_SERVER printenv access
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER printenv access"; flow:established,to_server; http.uri; content:"/printenv"; reference:bugtraq,1658; reference:cve,2000-0868; reference:nessus,10188; reference:nessus,10503; classtype:web-application-activity; sid:2101877; rev:12; metadata:created_at 2010_09_23, cve CVE_2000_0868, signature_severity Unknown, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published