CVE-2024-10188

HIGH

litellm < 1.53.1.dev1 - Unauthenticated Denial of Service via ast.literal_eval Input Parsing

Title source: llm
STIX 2.1

Description

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.

Scores

CVSS v3 7.5
EPSS 0.0053
EPSS Percentile 41.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (2)
berriai/berriai/litellm unspecified - 1.53.1
pypi/litellm 0 - 1.53.1.dev1PyPI
Published Mar 20, 2025
Tracked Since Feb 18, 2026