CVE-2024-5225

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-5225
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5225.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-5225
Aliases
Published
2024-06-06T19:16:06Z
Modified
2025-02-14T11:57:15.286760Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated api_key parameter directly into the query, making it susceptible to SQL Injection if the api_key contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).

References

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type
GIT
Repo
https://github.com/berriai/litellm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.16.12
1.16.13
1.16.14
1.34.2
1.34.20-stable
1.34.28.dev3
1.34.35-stable
1.34.39.dev1
1.34.40.dev1
1.35.1.dev1
1.35.13.dev1
1.35.19.dev1
1.35.24.dev6
1.35.26.dev3
1.35.33.dev4
1.35.36
1.35.36.dev1
1.35.5.dev2

Other

latest
pr-litellm-spend-logs-db
stable
test

v.*

v.1.32.34-stable

v0.*

v0.1.387
v0.1.492
v0.1.574
v0.1.738
v0.11.1
v0.8.4

v1.*

v1.1.0
v1.10.4
v1.11.1
v1.15.0
v1.15.5
v1.16-test2
v1.16-test3
v1.16-test4
v1.16.13
v1.16.15
v1.16.16
v1.16.17
v1.16.17-test
v1.16.17-test2
v1.16.17-test3
v1.16.18
v1.16.19
v1.16.20
v1.16.20.dev1
v1.16.20.dev3
v1.16.21
v1.16.3
v1.16.6
v1.17.0
v1.17.1
v1.17.10
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.16
v1.17.17
v1.17.18
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.18.0
v1.18.1
v1.18.10
v1.18.11
v1.18.12
v1.18.13
v1.18.2
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.19.0
v1.19.2
v1.19.3
v1.19.4
v1.19.6
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.5
v1.20.6
v1.20.7
v1.20.8
v1.20.9
v1.21.0
v1.21.1
v1.21.4
v1.21.5
v1.21.6
v1.21.7
v1.22.10
v1.22.11
v1.22.2
v1.22.3
v1.22.5
v1.22.8
v1.22.9
v1.23.0
v1.23.1
v1.23.10
v1.23.12
v1.23.14
v1.23.15
v1.23.16
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.23.7
v1.23.8
v1.23.9
v1.24.1
v1.24.3
v1.24.5
v1.24.6
v1.25.0
v1.25.1
v1.25.2
v1.26.0
v1.26.1
v1.26.10
v1.26.11
v1.26.13
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.26.7
v1.26.8
v1.26.9
v1.27.1
v1.27.10
v1.27.14
v1.27.15
v1.27.4
v1.27.6
v1.27.7
v1.27.8
v1.27.9
v1.28.0
v1.28.1
v1.28.10
v1.28.11
v1.28.13
v1.28.2
v1.28.3
v1.28.4
v1.28.6
v1.28.7
v1.28.8
v1.28.9
v1.29.1
v1.29.3
v1.29.4
v1.29.5
v1.29.7
v1.30.0
v1.30.1
v1.30.2
v1.30.3
v1.30.4
v1.30.5
v1.30.6
v1.30.7
v1.31.10
v1.31.12
v1.31.12-dev
v1.31.12-dev1
v1.31.12-dev3
v1.31.13
v1.31.14
v1.31.15
v1.31.16
v1.31.17
v1.31.2
v1.31.3
v1.31.4
v1.31.5
v1.31.6
v1.31.7
v1.31.8
v1.31.9
v1.32.1
v1.32.3
v1.32.33-stable
v1.32.33.dev1
v1.32.4
v1.32.7
v1.32.7.dev1
v1.32.7.dev3
v1.32.7.dev5
v1.32.9
v1.33.0
v1.33.1
v1.33.2
v1.33.3
v1.33.4
v1.33.7
v1.33.8
v1.33.9
v1.34.0
v1.34.1
v1.34.10
v1.34.10.dev1
v1.34.12
v1.34.13
v1.34.14
v1.34.16
v1.34.17
v1.34.18
v1.34.19
v1.34.20
v1.34.21
v1.34.21-stable
v1.34.22
v1.34.22-stable
v1.34.22.dev15-stable
v1.34.23-stable
v1.34.25
v1.34.26
v1.34.27
v1.34.28
v1.34.28.dev12
v1.34.29
v1.34.3
v1.34.33
v1.34.34
v1.34.34.dev1
v1.34.35
v1.34.36
v1.34.36.dev2
v1.34.37
v1.34.37.dev1
v1.34.38
v1.34.39
v1.34.4
v1.34.4.dev1
v1.34.4.dev2
v1.34.40
v1.34.41
v1.34.42
v1.34.5
v1.34.6
v1.34.8
v1.34.8.dev1
v1.35.0
v1.35.1
v1.35.1.dev1
v1.35.1.dev2
v1.35.10
v1.35.11
v1.35.12
v1.35.13
v1.35.14
v1.35.15
v1.35.15-stable
v1.35.16
v1.35.17
v1.35.18
v1.35.19
v1.35.2
v1.35.2.dev4
v1.35.20
v1.35.20.dev2
v1.35.21
v1.35.21-stable
v1.35.23
v1.35.24
v1.35.24.dev1
v1.35.25
v1.35.26
v1.35.26.dev1
v1.35.28
v1.35.28.dev1
v1.35.29
v1.35.3
v1.35.30
v1.35.31
v1.35.32
v1.35.32.dev1
v1.35.33
v1.35.33.dev1
v1.35.33.dev2
v1.35.33.dev3
v1.35.34
v1.35.35
v1.35.35.dev1
v1.35.36
v1.35.36-dev2
v1.35.37
v1.35.38
v1.35.38-stable
v1.35.4
v1.35.5
v1.35.6
v1.35.7
v1.35.8
v1.35.8.dev1
v1.36.0
v1.36.1
v1.36.2
v1.36.2-stable
v1.36.3
v1.36.4
v1.36.4-stable
v1.37.0
v1.37.0.dev2_completion_cost
v1.37.0.dev_version_headers
v1.37.10
v1.37.11
v1.37.12
v1.37.12-stable
v1.37.12.dev1
v1.37.13
v1.37.13-stable
v1.37.14
v1.37.16
v1.37.16-stable
v1.37.17
v1.37.19
v1.37.19-stable
v1.37.2
v1.37.20
v1.37.20.dev1
v1.37.3
v1.37.3-stable
v1.37.5
v1.37.5-stable
v1.37.6
v1.37.7
v1.37.7-stable
v1.37.9
v1.37.9-stable
v1.38.0
v1.38.0-stable
v1.38.1
v1.38.10
v1.38.11
v1.38.12
v1.38.2
v1.38.3
v1.38.4
v1.38.4-stable
v1.38.5
v1.38.7
v1.38.7-stable
v1.38.8
v1.38.8-stable
v1.39.2
v1.39.3
v1.39.4
v1.39.5
v1.39.5-stable
v1.39.6
v1.40.0
v1.40.1
v1.40.1.dev2
v1.40.1.dev4
v1.40.2
v1.40.2-stable
v1.7.1
v1.7.11