CVE-2024-5225

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-5225

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5225.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-5225

Aliases

GHSA-h6m6-jj8v-94jj

Published

2024-06-06T19:16:06Z

Modified

2025-02-14T11:57:15.286760Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated api_key parameter directly into the query, making it susceptible to SQL Injection if the api_key contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).

References

https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type: GIT
Repo: https://github.com/berriai/litellm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6b57352400580b424361c752a02c3c1c4e14a857

Affected versions

1.*

1.16.12

1.16.13

1.16.14

1.34.2

1.34.20-stable

1.34.28.dev3

1.34.35-stable

1.34.39.dev1

1.34.40.dev1

1.35.1.dev1

1.35.13.dev1

1.35.19.dev1

1.35.24.dev6

1.35.26.dev3

1.35.33.dev4

1.35.36

1.35.36.dev1

1.35.5.dev2

Other

latest

pr-litellm-spend-logs-db

stable

test

v.*

v.1.32.34-stable

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.3

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.15

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.28.0

v1.28.1

v1.28.10

v1.28.11

v1.28.13

v1.28.2

v1.28.3

v1.28.4

v1.28.6

v1.28.7

v1.28.8

v1.28.9

v1.29.1

v1.29.3

v1.29.4

v1.29.5

v1.29.7

v1.30.0

v1.30.1

v1.30.2

v1.30.3

v1.30.4

v1.30.5

v1.30.6

v1.30.7

v1.31.10

v1.31.12

v1.31.12-dev

v1.31.12-dev1

v1.31.12-dev3

v1.31.13

v1.31.14

v1.31.15

v1.31.16

v1.31.17

v1.31.2

v1.31.3

v1.31.4

v1.31.5

v1.31.6

v1.31.7

v1.31.8

v1.31.9

v1.32.1

v1.32.3

v1.32.33-stable

v1.32.33.dev1

v1.32.4

v1.32.7

v1.32.7.dev1

v1.32.7.dev3

v1.32.7.dev5

v1.32.9

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.10

v1.34.10.dev1

v1.34.12

v1.34.13

v1.34.14

v1.34.16

v1.34.17

v1.34.18

v1.34.19

v1.34.20

v1.34.21

v1.34.21-stable

v1.34.22

v1.34.22-stable

v1.34.22.dev15-stable

v1.34.23-stable

v1.34.25

v1.34.26

v1.34.27

v1.34.28

v1.34.28.dev12

v1.34.29

v1.34.3

v1.34.33

v1.34.34

v1.34.34.dev1

v1.34.35

v1.34.36

v1.34.36.dev2

v1.34.37

v1.34.37.dev1

v1.34.38

v1.34.39

v1.34.4

v1.34.4.dev1

v1.34.4.dev2

v1.34.40

v1.34.41

v1.34.42

v1.34.5

v1.34.6

v1.34.8

v1.34.8.dev1

v1.35.0

v1.35.1

v1.35.1.dev1

v1.35.1.dev2

v1.35.10

v1.35.11

v1.35.12

v1.35.13

v1.35.14

v1.35.15

v1.35.15-stable

v1.35.16

v1.35.17

v1.35.18

v1.35.19

v1.35.2

v1.35.2.dev4

v1.35.20

v1.35.20.dev2

v1.35.21

v1.35.21-stable

v1.35.23

v1.35.24

v1.35.24.dev1

v1.35.25

v1.35.26

v1.35.26.dev1

v1.35.28

v1.35.28.dev1

v1.35.29

v1.35.3

v1.35.30

v1.35.31

v1.35.32

v1.35.32.dev1

v1.35.33

v1.35.33.dev1

v1.35.33.dev2

v1.35.33.dev3

v1.35.34

v1.35.35

v1.35.35.dev1

v1.35.36

v1.35.36-dev2

v1.35.37

v1.35.38

v1.35.38-stable

v1.35.4

v1.35.5

v1.35.6

v1.35.7

v1.35.8

v1.35.8.dev1

v1.36.0

v1.36.1

v1.36.2

v1.36.2-stable

v1.36.3

v1.36.4

v1.36.4-stable

v1.37.0

v1.37.0.dev2_completion_cost

v1.37.0.dev_version_headers

v1.37.10

v1.37.11

v1.37.12

v1.37.12-stable

v1.37.12.dev1

v1.37.13

v1.37.13-stable

v1.37.14

v1.37.16

v1.37.16-stable

v1.37.17

v1.37.19

v1.37.19-stable

v1.37.2

v1.37.20

v1.37.20.dev1

v1.37.3

v1.37.3-stable

v1.37.5

v1.37.5-stable

v1.37.6

v1.37.7

v1.37.7-stable

v1.37.9

v1.37.9-stable

v1.38.0

v1.38.0-stable

v1.38.1

v1.38.10

v1.38.11

v1.38.12

v1.38.2

v1.38.3

v1.38.4

v1.38.4-stable

v1.38.5

v1.38.7

v1.38.7-stable

v1.38.8

v1.38.8-stable

v1.39.2

v1.39.3

v1.39.4

v1.39.5

v1.39.5-stable

v1.39.6

v1.40.0

v1.40.1

v1.40.1.dev2

v1.40.1.dev4

v1.40.2

v1.40.2-stable

v1.7.1

v1.7.11