HIGH 7.5

GHSA-879v-fggm-vxw2

LiteLLM Has a Leakage of Langfuse API Keys

상세

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / litellm

최초 영향 버전: 0

No fixed version published yet for litellm (pip). Pin to a known-safe version or switch to an alternative.

참고

https://nvd.nist.gov/vuln/detail/CVE-2025-0330 [ADVISORY]
https://github.com/BerriAI/litellm [PACKAGE]
https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a [WEB]