CVE-2024-9606

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9606

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9606.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9606

Aliases

GHSA-g5pg-73fc-hjwq

Published

2025-03-20T10:15:49.443Z

Modified

2026-03-12T17:30:05.456669Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In berriai/litellm before version 1.44.12, the litellm/litellm_core_utils/litellm_logging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.

References

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type

GIT

Repo

https://github.com/berriai/litellm

Events

Introduced

Fixed

a9ca18302116647b8f610b2390f626f112dc763f

Fixed

9094071c4782183e84f10630e2450be3db55509a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.44.12"
        }
    ]
}

Affected versions

1.*

1.16.12

1.16.13

1.16.14

1.34.2

1.34.20-stable

1.34.28.dev3

1.34.35-stable

1.34.39.dev1

1.34.40.dev1

1.35.1.dev1

1.35.13.dev1

1.35.19.dev1

1.35.24.dev6

1.35.26.dev3

1.35.33.dev4

1.35.36

1.35.36.dev1

1.35.5.dev2

1.40.3.dev2

1.40.8.dev1

1.41.11.dev5

1.41.12.dev1

1.41.14.dev15

1.44.6

Other

latest

pr-litellm-spend-logs-db

stable

test

v.*

v.1.32.34-stable

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.15

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.28.0

v1.28.1

v1.28.10

v1.28.11

v1.28.13

v1.28.2

v1.28.3

v1.28.4

v1.28.6

v1.28.7

v1.28.8

v1.28.9

v1.29.1

v1.29.3

v1.29.4

v1.29.5

v1.29.7

v1.30.0

v1.30.1

v1.30.2

v1.30.3

v1.30.4

v1.30.5

v1.30.6

v1.30.7

v1.31.10

v1.31.12

v1.31.12-dev

v1.31.12-dev1

v1.31.12-dev3

v1.31.13

v1.31.14

v1.31.15

v1.31.16

v1.31.17

v1.31.2

v1.31.3

v1.31.4

v1.31.5

v1.31.6

v1.31.7

v1.31.8

v1.31.9

v1.32.1

v1.32.3

v1.32.33-stable

v1.32.33.dev1

v1.32.4

v1.32.7

v1.32.7.dev1

v1.32.7.dev3

v1.32.7.dev5

v1.32.9

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.10

v1.34.10.dev1

v1.34.12

v1.34.13

v1.34.14

v1.34.16

v1.34.17

v1.34.18

v1.34.19

v1.34.20

v1.34.21

v1.34.21-stable

v1.34.22

v1.34.22-stable

v1.34.22.dev15-stable

v1.34.23-stable

v1.34.25

v1.34.26

v1.34.27

v1.34.28

v1.34.28.dev12

v1.34.29

v1.34.3

v1.34.33

v1.34.34

v1.34.34.dev1

v1.34.35

v1.34.36

v1.34.36.dev2

v1.34.37

v1.34.37.dev1

v1.34.38

v1.34.39

v1.34.4

v1.34.4.dev1

v1.34.4.dev2

v1.34.40

v1.34.41

v1.34.42

v1.34.5

v1.34.6

v1.34.8

v1.34.8.dev1

v1.35.0

v1.35.1

v1.35.1.dev1

v1.35.1.dev2

v1.35.10

v1.35.11

v1.35.12

v1.35.13

v1.35.14

v1.35.15

v1.35.15-stable

v1.35.16

v1.35.17

v1.35.18

v1.35.19

v1.35.2

v1.35.2.dev4

v1.35.20

v1.35.20.dev2

v1.35.21

v1.35.21-stable

v1.35.23

v1.35.24

v1.35.24.dev1

v1.35.25

v1.35.26

v1.35.26.dev1

v1.35.28

v1.35.28.dev1

v1.35.29

v1.35.3

v1.35.30

v1.35.31

v1.35.32

v1.35.32.dev1

v1.35.33

v1.35.33.dev1

v1.35.33.dev2

v1.35.33.dev3

v1.35.34

v1.35.35

v1.35.35.dev1

v1.35.36

v1.35.36-dev2

v1.35.37

v1.35.38

v1.35.38-stable

v1.35.4

v1.35.5

v1.35.6

v1.35.7

v1.35.8

v1.35.8.dev1

v1.36.0

v1.36.1

v1.36.2

v1.36.2-stable

v1.36.3

v1.36.4

v1.36.4-stable

v1.37.0

v1.37.0.dev2_completion_cost

v1.37.0.dev_version_headers

v1.37.10

v1.37.11

v1.37.12

v1.37.12-stable

v1.37.12.dev1

v1.37.13

v1.37.13-stable

v1.37.14

v1.37.16

v1.37.16-stable

v1.37.17

v1.37.19

v1.37.19-stable

v1.37.2

v1.37.20

v1.37.20.dev1

v1.37.3

v1.37.3-stable

v1.37.5

v1.37.5-stable

v1.37.6

v1.37.7

v1.37.7-stable

v1.37.9

v1.37.9-stable

v1.38.0

v1.38.0-stable

v1.38.1

v1.38.10

v1.38.11

v1.38.12

v1.38.2

v1.38.3

v1.38.4

v1.38.4-stable

v1.38.5

v1.38.7

v1.38.7-stable

v1.38.8

v1.38.8-stable

v1.39.2

v1.39.3

v1.39.4

v1.39.5

v1.39.5-stable

v1.39.6

v1.40.0

v1.40.1

v1.40.1.dev2

v1.40.1.dev4

v1.40.10

v1.40.11

v1.40.12

v1.40.13

v1.40.13.dev1

v1.40.14

v1.40.14.dev1

v1.40.15

v1.40.16

v1.40.17

v1.40.19

v1.40.2

v1.40.2-stable

v1.40.20

v1.40.21

v1.40.22

v1.40.24

v1.40.25

v1.40.26

v1.40.27

v1.40.28

v1.40.29

v1.40.3

v1.40.3-stable

v1.40.3.dev4

v1.40.31

v1.40.4

v1.40.5

v1.40.6

v1.40.7

v1.40.7.dev1

v1.40.8

v1.40.8-stable

v1.40.9

v1.40.9-stable

v1.41.0

v1.41.0-stable

v1.41.1

v1.41.11

v1.41.11.dev1

v1.41.12

v1.41.13

v1.41.14

v1.41.14.dev10

v1.41.14.dev8

v1.41.15

v1.41.17

v1.41.18

v1.41.19

v1.41.2

v1.41.2-stable

v1.41.20

v1.41.21

v1.41.22

v1.41.22.dev4

v1.41.23

v1.41.23-stable

v1.41.24

v1.41.24.dev1

v1.41.25

v1.41.26

v1.41.26.dev1

v1.41.27

v1.41.28

v1.41.3

v1.41.3.dev2

v1.41.3.dev3

v1.41.4

v1.41.4.dev1

v1.41.5

v1.41.5.dev1

v1.41.6

v1.41.6.dev1

v1.41.7

v1.41.8

v1.41.8.dev1

v1.41.8.dev2

v1.42.0

v1.42.0-stable

v1.42.1

v1.42.10

v1.42.10-stable

v1.42.11

v1.42.12

v1.42.2

v1.42.2-stable

v1.42.3

v1.42.3-stable

v1.42.4

v1.42.4-stable

v1.42.5

v1.42.5-dev1

v1.42.5-dev2

v1.42.5-stable

v1.42.6

v1.42.7

v1.42.7-stable

v1.42.8

v1.42.9

v1.42.9-stable

v1.42.9-stable-fix

v1.42.9.dev1

v1.43.0

v1.43.0.dev1

v1.43.1

v1.43.1-dev1

v1.43.10

v1.43.10-stable

v1.43.12

v1.43.13

v1.43.13-stable

v1.43.13.dev1

v1.43.15

v1.43.15-stable

v1.43.16

v1.43.16-stable

v1.43.17

v1.43.18

v1.43.18-stable

v1.43.19

v1.43.19-stable

v1.43.19.dev1

v1.43.19.dev2

v1.43.2

v1.43.3

v1.43.3-dev1

v1.43.4

v1.43.4.dev5

v1.43.5

v1.43.5-stable

v1.43.6

v1.43.6-stable

v1.43.6.dev1

v1.43.7

v1.43.7-stable

v1.43.9

v1.43.9.dev1

v1.43.9.dev2

v1.43.9.dev3

v1.43.9.dev4

v1.44.1

v1.44.10

v1.44.10-stable

v1.44.11

v1.44.11-stable

v1.44.2

v1.44.3

v1.44.4

v1.44.4.dev2

v1.44.5

v1.44.6

v1.44.6-stable

v1.44.7

v1.44.8

v1.44.8-dev1

v1.44.9

v1.7.1

v1.7.11

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9606.json"