SQL Injection Vulnerability in berriai/litellm Repository Affects Latest Version
CVE-2024-5225
What is CVE-2024-5225?
A SQL injection vulnerability exists in the berriai/litellm repository, affecting the /global/spend/logs endpoint. It arises from improper handling of special elements within SQL commands: the unvalidated api_key parameter is included directly in the SQL query, so the query is open to injection when api_key contains malicious input. Exploitation of this flaw may allow attackers to gain unauthorized access, manipulate data, expose sensitive information, or trigger denial of service (DoS) conditions. Immediate remediation is essential to protect against security breaches stemming from this issue.
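
The flaw class described above, shown next to its parameterized fix. This is an added example, not LiteLLM's code: the sqlite3 in-memory database, the spend_logs table, its columns, the sample rows and both function names are assumptions made for illustration.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions,
# not LiteLLM's actual database layout.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE spend_logs (api_key TEXT, model TEXT, spend REAL)")
    db.executemany(
        "INSERT INTO spend_logs VALUES (?, ?, ?)",
        [("key-alice", "gpt-4", 1.25),
         ("key-alice", "gpt-3.5", 0.10),
         ("key-bob", "gpt-4", 7.50)],
    )
    return db

def spend_logs_vulnerable(db, api_key):
    # The parameter is pasted into the SQL text, so quote characters in it
    # become part of the statement instead of part of the value.
    query = ("SELECT api_key, model, spend FROM spend_logs "
             f"WHERE api_key = '{api_key}'")
    return db.execute(query).fetchall()

def spend_logs_parameterized(db, api_key):
    # Placeholder binding: the driver sends the value separately from the
    # SQL text, so it is only ever compared as a string.
    query = ("SELECT api_key, model, spend FROM spend_logs "
             "WHERE api_key = ?")
    return db.execute(query, (api_key,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed test input
    print("string-built :", len(spend_logs_vulnerable(db, crafted)), "rows")
    print("parameterized:", len(spend_logs_parameterized(db, crafted)), "rows")
    try:
        # A value with a stray quote breaks the string-built statement.
        spend_logs_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("string-built query failed:", exc)
    print("parameterized:", spend_logs_parameterized(db, "o'brien"))
```

With the crafted value the string-built query returns every key's rows, while the parameterized query returns none; a value containing a single stray quote makes the string-built query raise an error instead of returning an empty result.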

Affected Version(s)
berriai/litellm <= unspecified
