CVE-2024-4890

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-4890

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4890.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-4890

Aliases

GHSA-8j42-pcfm-3467

Published

2024-06-06T19:16:03Z

Modified

2025-02-19T03:43:22.669645Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'userid' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.

References

https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type: GIT
Repo: https://github.com/berriai/litellm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0591b4b846513754370896c06943092a3c63ecc9

Affected versions

1.*

1.16.12

1.16.13

1.16.14

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.7.1

v1.7.11