Ishaan Jaff

4 exploits - Active since Apr 2024
CVE-2024-2952 - CRITICAL - WRITEUP
litellm < 1.34.42 - Server-Side Template Injection via Completions Endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
CVSS 9.8
CVE-2024-6587 - HIGH - WRITEUP
litellm 1.38.10 - Server-Side Request Forgery via api_base Parameter
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.
CVSS 7.5
CVE-2024-6825 - HIGH - WRITEUP
litellm < 1.65.4 - Remote Code Execution via Post Call Rules Callback Injection
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.
CVSS 8.8
CVE-2024-8984 - HIGH - WRITEUP
litellm < 1.65.4 - Unauthenticated Denial of Service via Multipart Boundary Processing
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
CVSS 7.5