VYPR
Moderate severity · NVD Advisory · Published Jun 6, 2024 · Updated Aug 1, 2024

SQL Injection in berriai/litellm

CVE-2024-5225

Description

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated api_key parameter directly into the query, making it susceptible to SQL Injection if the api_key contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in LiteLLM's `/global/spend/logs` endpoint allows an attacker who can submit requests to the endpoint to inject SQL through the `api_key` parameter, because the value is concatenated into a raw query.

Root Cause

An SQL Injection vulnerability exists in the BerriAI/litellm repository, specifically within the /global/spend/logs endpoint. The affected code constructs an SQL query by concatenating an unvalidated api_key parameter directly into the query, making it susceptible to SQL Injection if the api_key contains malicious data. This occurs in the global_spend_logs function, where the query was built by string concatenation rather than as a parameterized query. [1]

Exploitation

The vulnerability is reachable through the /global/spend/logs endpoint; in certain configurations no prior authentication is required. The attacker only needs to supply a crafted api_key query parameter containing an SQL injection payload. The cited discussion suggests the endpoint may require an admin-generated key, but the risk remains significant, since any client that can reach the gateway and satisfy that requirement could exploit it. [2]

Impact

Successful exploitation could lead to unauthorized access to the spend-logging database (the MonthlyGlobalSpendPerKey table queried by the endpoint), data manipulation, exposure of confidential information, and denial of service (DoS). Since LiteLLM handles API keys and usage data for multiple LLM providers, an attacker could potentially extract sensitive data or disrupt service. [2]

Mitigation

The vendor addressed this issue in commit f75c15d6cd535aa78014378ad532de1df6be2f56, which replaces the vulnerable string concatenation with a parameterized SQL query using a `$1` positional placeholder and passes api_key as a bound argument. The fix was merged via pull request #3940. Users are strongly advised to update to litellm 1.40.0 or later to remediate this vulnerability. [3][4]
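To make the root cause and the fix concrete, the following is an added example (not litellm's own code) that reproduces the shape of the query from the fix commit against an in-memory SQLite database, so the injection can be run offline. The table contents, the hypothetical `ApiKeys` table, and the two payloads are constructed for the demonstration. SQLite uses `?` placeholders where PostgreSQL (the target of Prisma's `query_raw` in the patched code) uses `$1`; the principle is the same.

```python
"""Vulnerable vs. parameterized form of the /global/spend/logs query (added example)."""
import sqlite3

# Constructed sample data: a spend table mirroring MonthlyGlobalSpendPerKey and a
# hypothetical second table holding secrets the endpoint should never expose.
SPEND_ROWS = [
    ("sk-alice", "2024-05-01", 1.50),
    ("sk-alice", "2024-05-02", 2.25),
    ("sk-bob", "2024-05-01", 9.75),
]
SECRET_ROWS = [("sk-admin-secret", "admin")]  # hypothetical "ApiKeys" table


def make_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "MonthlyGlobalSpendPerKey" (api_key TEXT, date TEXT, spend REAL)')
    conn.execute('CREATE TABLE "ApiKeys" (token TEXT, owner TEXT)')
    conn.executemany('INSERT INTO "MonthlyGlobalSpendPerKey" VALUES (?, ?, ?)', SPEND_ROWS)
    conn.executemany('INSERT INTO "ApiKeys" VALUES (?, ?)', SECRET_ROWS)
    return conn


def vulnerable_global_spend_logs(conn: sqlite3.Connection, api_key: str) -> list:
    # Same construction as the pre-fix code: the caller-controlled value is
    # spliced between single quotes, so a quote inside api_key ends the literal
    # and whatever follows is parsed as SQL.
    sql_query = (
        """
        SELECT * FROM "MonthlyGlobalSpendPerKey"
        WHERE "api_key" = '"""
        + api_key
        + """'
        ORDER BY "date";
        """
    )
    return conn.execute(sql_query).fetchall()


def patched_global_spend_logs(conn: sqlite3.Connection, api_key: str) -> list:
    # Same shape as the fix: a placeholder in the query text and the value bound
    # separately by the driver. SQLite's '?' stands in for PostgreSQL's '$1'.
    sql_query = """
        SELECT * FROM "MonthlyGlobalSpendPerKey"
        WHERE "api_key" = ?
        ORDER BY "date";
        """
    return conn.execute(sql_query, (api_key,)).fetchall()


# Two payloads an attacker could send in the api_key parameter (constructed).
TAUTOLOGY = "' OR '1'='1"  # turns the WHERE into always-true: every key's spend
UNION_READ = "' UNION SELECT token, owner, 0 FROM \"ApiKeys\" WHERE '1'='1"  # read another table


def run_demo() -> dict:
    """Run both versions against the sample data and return the rows each yields."""
    conn = make_sample_db()
    return {
        "vuln_normal": vulnerable_global_spend_logs(conn, "sk-alice"),
        "vuln_tautology": vulnerable_global_spend_logs(conn, TAUTOLOGY),
        "vuln_union": vulnerable_global_spend_logs(conn, UNION_READ),
        "fixed_normal": patched_global_spend_logs(conn, "sk-alice"),
        "fixed_tautology": patched_global_spend_logs(conn, TAUTOLOGY),
        "fixed_union": patched_global_spend_logs(conn, UNION_READ),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

The vulnerable function returns all three spend rows for the tautology payload and leaks the `ApiKeys` row for the UNION payload; the patched function returns no rows for either, because the whole payload is compared as a literal key value. Note that the patch only parameterizes the value; it does not restrict which keys a caller may query, so any authorization check belongs in front of the query.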

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: litellm (PyPI)
Affected versions: < 1.40.0
Patched versions: 1.40.0

Affected products (2)

  • ghsa-coords
    Range: < 1.40.0
  • berriai/berriai/litellmv5
    Range: unspecified

Patches (1)

f75c15d6cd53

fix(proxy_server.py): security fix - fix sql injection attack on global spend logs

https://github.com/BerriAI/litellm · Krrish Dholakia · Jun 1, 2024 · via ghsa
1 file changed · +4 −8
  • litellm/proxy/proxy_server.py · +4 −8 · modified
    @@ -8693,17 +8693,13 @@ async def global_spend_logs(
     
             return response
         else:
    -        sql_query = (
    -            """
    +        sql_query = """
                 SELECT * FROM "MonthlyGlobalSpendPerKey"
    -            WHERE "api_key" = '"""
    -            + api_key
    -            + """'
    +            WHERE "api_key" = $1
                 ORDER BY "date";
    -        """
    -        )
    +            """
     
    -        response = await prisma_client.db.query_raw(query=sql_query)
    +        response = await prisma_client.db.query_raw(sql_query, api_key)
     
             return response
         return
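Review bot: the `$1` in `WHERE "api_key" = $1` is PostgreSQL positional-parameter syntax, so the parameterized query is correct only when `prisma_client` is backed by Postgres; other backends expect `?`, and the query would fail rather than fall back to the old behaviour. A comment on that line, or a startup check that the configured provider is Postgres, would make the assumption explicit. Also, only the `else:` branch is changed here; the sibling branch above it (ending in the first `return response`) should be checked to confirm it does not build its own query by concatenation.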
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (5)
