CVE-2024-6587

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6587

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6587.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6587

Aliases

GHSA-g26j-5385-hhw3

Published

2024-09-13T16:15:04Z

Modified

2024-10-08T04:25:16.891047Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the api_base parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by api_base. This request includes the OpenAI API key. A malicious user can set the api_base to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.

References

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type: GIT
Repo: https://github.com/berriai/litellm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ba1912afd1b19e38d3704bb156adf887f91ae1e0

Affected versions

1.*

1.16.12

1.16.13

1.16.14

1.34.2

1.34.20-stable

1.34.28.dev3

1.34.35-stable

1.34.39.dev1

1.34.40.dev1

1.35.1.dev1

1.35.13.dev1

1.35.19.dev1

1.35.24.dev6

1.35.26.dev3

1.35.33.dev4

1.35.36

1.35.36.dev1

1.35.5.dev2

1.40.3.dev2

1.40.8.dev1

1.41.11.dev5

1.41.12.dev1

1.41.14.dev15

1.44.6

Other

latest

pr-litellm-spend-logs-db

stable

test

v.*

v.1.32.34-stable

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.15

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.28.0

v1.28.1

v1.28.10

v1.28.11

v1.28.13

v1.28.2

v1.28.3

v1.28.4

v1.28.6

v1.28.7

v1.28.8

v1.28.9

v1.29.1

v1.29.3

v1.29.4

v1.29.5

v1.29.7

v1.30.0

v1.30.1

v1.30.2

v1.30.3

v1.30.4

v1.30.5

v1.30.6

v1.30.7

v1.31.10

v1.31.12

v1.31.12-dev

v1.31.12-dev1

v1.31.12-dev3

v1.31.13

v1.31.14

v1.31.15

v1.31.16

v1.31.17

v1.31.2

v1.31.3

v1.31.4

v1.31.5

v1.31.6

v1.31.7

v1.31.8

v1.31.9

v1.32.1

v1.32.3

v1.32.33-stable

v1.32.33.dev1

v1.32.4

v1.32.7

v1.32.7.dev1

v1.32.7.dev3

v1.32.7.dev5

v1.32.9

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.10

v1.34.10.dev1

v1.34.12

v1.34.13

v1.34.14

v1.34.16

v1.34.17

v1.34.18

v1.34.19

v1.34.20

v1.34.21

v1.34.21-stable

v1.34.22

v1.34.22-stable

v1.34.22.dev15-stable

v1.34.23-stable

v1.34.25

v1.34.26

v1.34.27

v1.34.28

v1.34.28.dev12

v1.34.29

v1.34.3

v1.34.33

v1.34.34

v1.34.34.dev1

v1.34.35

v1.34.36

v1.34.36.dev2

v1.34.37

v1.34.37.dev1

v1.34.38

v1.34.39

v1.34.4

v1.34.4.dev1

v1.34.4.dev2

v1.34.40

v1.34.41

v1.34.42

v1.34.5

v1.34.6

v1.34.8

v1.34.8.dev1

v1.35.0

v1.35.1

v1.35.1.dev1

v1.35.1.dev2

v1.35.10

v1.35.11

v1.35.12

v1.35.13

v1.35.14

v1.35.15

v1.35.15-stable

v1.35.16

v1.35.17

v1.35.18

v1.35.19

v1.35.2

v1.35.2.dev4

v1.35.20

v1.35.20.dev2

v1.35.21

v1.35.21-stable

v1.35.23

v1.35.24

v1.35.24.dev1

v1.35.25

v1.35.26

v1.35.26.dev1

v1.35.28

v1.35.28.dev1

v1.35.29

v1.35.3

v1.35.30

v1.35.31

v1.35.32

v1.35.32.dev1

v1.35.33

v1.35.33.dev1

v1.35.33.dev2

v1.35.33.dev3

v1.35.34

v1.35.35

v1.35.35.dev1

v1.35.36

v1.35.36-dev2

v1.35.37

v1.35.38

v1.35.38-stable

v1.35.4

v1.35.5

v1.35.6

v1.35.7

v1.35.8

v1.35.8.dev1

v1.36.0

v1.36.1

v1.36.2

v1.36.2-stable

v1.36.3

v1.36.4

v1.36.4-stable

v1.37.0

v1.37.0.dev2_completion_cost

v1.37.0.dev_version_headers

v1.37.10

v1.37.11

v1.37.12

v1.37.12-stable

v1.37.12.dev1

v1.37.13

v1.37.13-stable

v1.37.14

v1.37.16

v1.37.16-stable

v1.37.17

v1.37.19

v1.37.19-stable

v1.37.2

v1.37.20

v1.37.20.dev1

v1.37.3

v1.37.3-stable

v1.37.5

v1.37.5-stable

v1.37.6

v1.37.7

v1.37.7-stable

v1.37.9

v1.37.9-stable

v1.38.0

v1.38.0-stable

v1.38.1

v1.38.10

v1.38.11

v1.38.12

v1.38.2

v1.38.3

v1.38.4

v1.38.4-stable

v1.38.5

v1.38.7

v1.38.7-stable

v1.38.8

v1.38.8-stable

v1.39.2

v1.39.3

v1.39.4

v1.39.5

v1.39.5-stable

v1.39.6

v1.40.0

v1.40.1

v1.40.1.dev2

v1.40.1.dev4

v1.40.10

v1.40.11

v1.40.12

v1.40.13

v1.40.13.dev1

v1.40.14

v1.40.14.dev1

v1.40.15

v1.40.16

v1.40.17

v1.40.19

v1.40.2

v1.40.2-stable

v1.40.20

v1.40.21

v1.40.22

v1.40.24

v1.40.25

v1.40.26

v1.40.27

v1.40.28

v1.40.29

v1.40.3

v1.40.3-stable

v1.40.3.dev4

v1.40.31

v1.40.4

v1.40.5

v1.40.6

v1.40.7

v1.40.7.dev1

v1.40.8

v1.40.8-stable

v1.40.9

v1.40.9-stable

v1.41.0

v1.41.0-stable

v1.41.1

v1.41.11

v1.41.11.dev1

v1.41.12

v1.41.13

v1.41.14

v1.41.14.dev10

v1.41.14.dev8

v1.41.15

v1.41.17

v1.41.18

v1.41.19

v1.41.2

v1.41.2-stable

v1.41.20

v1.41.21

v1.41.22

v1.41.22.dev4

v1.41.23

v1.41.23-stable

v1.41.24

v1.41.24.dev1

v1.41.25

v1.41.26

v1.41.26.dev1

v1.41.27

v1.41.28

v1.41.3

v1.41.3.dev2

v1.41.3.dev3

v1.41.4

v1.41.4.dev1

v1.41.5

v1.41.5.dev1

v1.41.6

v1.41.6.dev1

v1.41.7

v1.41.8

v1.41.8.dev1

v1.41.8.dev2

v1.42.0

v1.42.0-stable

v1.42.1

v1.42.10

v1.42.10-stable

v1.42.11

v1.42.12

v1.42.2

v1.42.2-stable

v1.42.3

v1.42.3-stable

v1.42.4

v1.42.4-stable

v1.42.5

v1.42.5-dev1

v1.42.5-dev2

v1.42.5-stable

v1.42.6

v1.42.7

v1.42.7-stable

v1.42.8

v1.42.9

v1.42.9-stable

v1.42.9-stable-fix

v1.42.9.dev1

v1.43.0

v1.43.0.dev1

v1.43.1

v1.43.1-dev1

v1.43.10

v1.43.10-stable

v1.43.12

v1.43.13

v1.43.13-stable

v1.43.13.dev1

v1.43.15

v1.43.15-stable

v1.43.16

v1.43.16-stable

v1.43.17

v1.43.18

v1.43.18-stable

v1.43.19

v1.43.19-stable

v1.43.19.dev1

v1.43.19.dev2

v1.43.2

v1.43.3

v1.43.3-dev1

v1.43.4

v1.43.4.dev5

v1.43.5

v1.43.5-stable

v1.43.6

v1.43.6-stable

v1.43.6.dev1

v1.43.7

v1.43.7-stable

v1.43.9

v1.43.9.dev1

v1.43.9.dev2

v1.43.9.dev3

v1.43.9.dev4

v1.44.1

v1.44.2

v1.44.3

v1.44.4

v1.44.4.dev2

v1.44.5

v1.44.6

v1.44.6-stable

v1.44.7

v1.44.8

v1.7.1

v1.7.11