HIGH 7.5

GHSA-gw2q-qw9j-rgv7

LiteLLM Vulnerable to Denial of Service (DoS)

Details

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / litellm

Introduced in: 0 Fixed in: 1.53.1.dev1

Fix pip install --upgrade 'litellm>=1.53.1.dev1'

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10188 [ADVISORY]
https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c [WEB]
https://github.com/BerriAI/litellm [PACKAGE]
https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b [WEB]