High severityNVD Advisory· Published Sep 13, 2024· Updated Sep 13, 2024
SSRF in berriai/litellm
CVE-2024-6587
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the api_base parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by api_base. This request includes the OpenAI API key. A malicious user can set the api_base to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
litellmPyPI | < 1.44.8 | 1.44.8 |
Affected products
2- berriai/berriai/litellmv5Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.