High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Improper Output Neutralization for Logs in berriai/litellm
CVE-2024-9606
Description
In berriai/litellm before version 1.44.12, the litellm/litellm_core_utils/litellm_logging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
litellmPyPI | < 1.44.12 | 1.44.12 |
Affected products
2- berriai/berriai/litellmv5Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.