CVE-2024-4888
- EPSS 0.06%
- Published 06.06.2024 19:16:03
- Last modified 21.11.2024 09:43:47
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includ...
CVE-2024-4890
- EPSS 0.09%
- Published 06.06.2024 19:16:03
- Last modified 21.11.2024 09:43:48
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting use...
CVE-2024-4889
- EPSS 0.16%
- Published 06.06.2024 18:15:18
- Last modified 21.11.2024 09:43:47
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file ...
CVE-2024-2952
- EPSS 1.45%
- Published 10.04.2024 17:15:54
- Last modified 15.07.2025 14:21:14
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through...