High severityNVD Advisory· Published Jun 6, 2024· Updated Nov 3, 2024
Arbitrary File Deletion in BerriAI/litellm
CVE-2024-4888
Description
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where os.remove(file.filename) is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
litellmPyPI | < 1.35.36 | 1.35.36 |
Affected products
2- berriai/berriai/litellmv5Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.