Berriai Litellm vulnerabilities
14 known vulnerabilities affecting berriai/berriai_litellm.
Total CVEs
14
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH9MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-6587P1HIGHCVSS 7.5ExploitedPoC≥ unspecified, < 1.44.92024-09-13
CVE-2024-6587 [HIGH] CWE-918 CVE-2024-6587: A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This v
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user c
nvd
CVE-2024-4264P2CRITICALCVSS 9.8≥ unspecified, ≤ latest2024-05-18
CVE-2024-4264 [CRITICAL] CWE-94 CVE-2024-4264: A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper co
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exp
nvd
CVE-2024-6825P2HIGHCVSS 8.8≥ unspecified, < v1.65.4.dev62025-03-20
CVE-2024-6825 [HIGH] CWE-94 CVE-2024-6825: BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issu
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' exten
nvd
CVE-2024-5751P2CRITICALCVSS 9.8≥ unspecified, ≤ latest2024-06-27
CVE-2024-5751 [CRITICAL] CWE-94 CVE-2024-5751: BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code e
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endp
nvd
CVE-2024-2952P2CRITICALCVSS 9.8≥ unspecified, < 1.34.422024-04-10
CVE-2024-2952 [CRITICAL] CWE-76 CVE-2024-2952: BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoi
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicio
nvd
CVE-2024-4888P3HIGHCVSS 8.1≥ unspecified, ≤ latest2024-06-06
CVE-2024-4888 [HIGH] CWE-862 CVE-2024-4888: BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper i
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or valid
nvd
CVE-2024-4889P3HIGHCVSS 7.2≥ unspecified, ≤ latest2024-06-06
CVE-2024-4889 [HIGH] CWE-94 CVE-2024-4889: A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the
nvd
CVE-2024-9606P3HIGHCVSS 7.5≥ unspecified, < 1.44.122025-03-20
CVE-2024-9606 [HIGH] CWE-117 CVE-2024-9606: In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file
In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.
nvd
CVE-2025-0330P3HIGHCVSS 7.5≥ unspecified, ≤ latest2025-03-20
CVE-2025-0330 [HIGH] CWE-1230 CVE-2025-0330: In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API k
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
nvd
CVE-2024-5225P3HIGHCVSS 7.2≥ unspecified, ≤ latest2024-06-06
CVE-2024-5225 [HIGH] CWE-89 CVE-2024-5225: An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/g
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it
nvd
CVE-2024-8984P3HIGHCVSS 7.5≥ unspecified, < v1.65.4-stable2025-03-20
CVE-2024-8984 [HIGH] CWE-770 CVE-2024-8984: A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerabilit
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The i
nvd
CVE-2024-10188P3HIGHCVSS 7.5≥ unspecified, < 1.53.12025-03-20
CVE-2024-10188 [HIGH] CWE-400 CVE-2024-10188: A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a De
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
nvd
CVE-2024-5710P3MEDIUMCVSS 6.5≥ unspecified, ≤ latest2024-06-27
CVE-2024-5710 [MEDIUM] CWE-862 CVE-2024-5710: berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management func
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from
nvd
CVE-2024-4890P4MEDIUMCVSS 4.9≥ unspecified, ≤ latest2024-06-06
CVE-2024-4890 [MEDIUM] CWE-89 CVE-2024-4890: A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within t
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id'
nvd