CVE-2024-6587

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6587

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6587.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-6587

Aliases

GHSA-g26j-5385-hhw3

Published

2024-09-13T15:59:53.557Z

Modified

2026-05-28T03:54:14.858267428Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

SSRF in berriai/litellm

Details

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the api_base parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by api_base. This request includes the OpenAI API key. A malicious user can set the api_base to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6587.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "@huntr_ai"
}

References

Affected packages

Git / github.com/berriai/litellm

Affected ranges

Type: GIT
Repo: https://github.com/berriai/litellm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f0fb8bdf456d8cef6edb68901f8139710d9c8ed9

Affected versions

1.*

1.16.12

1.16.13

1.16.14

1.34.2

1.34.20-stable

1.34.28.dev3

1.34.35-stable

1.34.39.dev1

1.35.1.dev1

1.35.13.dev1

1.35.24.dev6

1.35.33.dev4

1.35.36.dev1

1.35.5.dev2

1.40.8.dev1

1.41.11.dev5

1.41.12.dev1

1.41.14.dev15

1.44.6

Other

latest

pr-litellm-spend-logs-db

stable

test

v.*

v.1.32.34-stable

v0.*

v0.1.387

v0.1.492

v0.1.574

v0.1.738

v0.11.1

v0.8.4

v1.*

v1.1.0

v1.10.4

v1.11.1

v1.15.0

v1.15.5

v1.16-test2

v1.16-test3

v1.16-test4

v1.16.13

v1.16.15

v1.16.16

v1.16.17

v1.16.17-test

v1.16.17-test2

v1.16.17-test3

v1.16.18

v1.16.19

v1.16.20

v1.16.20.dev1

v1.16.20.dev3

v1.16.21

v1.16.3

v1.16.6

v1.17.0

v1.17.1

v1.17.10

v1.17.12

v1.17.13

v1.17.14

v1.17.15

v1.17.16

v1.17.17

v1.17.18

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.18.0

v1.18.1

v1.18.10

v1.18.11

v1.18.12

v1.18.13

v1.18.2

v1.18.4

v1.18.5

v1.18.6

v1.18.7

v1.18.8

v1.18.9

v1.19.0

v1.19.2

v1.19.3

v1.19.4

v1.19.6

v1.20.0

v1.20.1

v1.20.2

v1.20.3

v1.20.5

v1.20.6

v1.20.7

v1.20.8

v1.20.9

v1.21.0

v1.21.1

v1.21.4

v1.21.5

v1.21.6

v1.21.7

v1.22.10

v1.22.11

v1.22.2

v1.22.3

v1.22.5

v1.22.8

v1.22.9

v1.23.0

v1.23.1

v1.23.10

v1.23.12

v1.23.14

v1.23.15

v1.23.16

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.7

v1.23.8

v1.23.9

v1.24.1

v1.24.3

v1.24.5

v1.24.6

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.1

v1.27.10

v1.27.14

v1.27.15

v1.27.4

v1.27.6

v1.27.7

v1.27.8

v1.27.9

v1.28.0

v1.28.1

v1.28.10

v1.28.11

v1.28.13

v1.28.2

v1.28.3

v1.28.4

v1.28.6

v1.28.7

v1.28.8

v1.28.9

v1.29.1

v1.29.3

v1.29.4

v1.29.5

v1.29.7

v1.30.0

v1.30.1

v1.30.2

v1.30.3

v1.30.4

v1.30.5

v1.30.6

v1.30.7

v1.31.10

v1.31.12

v1.31.12-dev

v1.31.12-dev1

v1.31.12-dev3

v1.31.13

v1.31.14

v1.31.15

v1.31.16

v1.31.17

v1.31.2

v1.31.3

v1.31.4

v1.31.5

v1.31.6

v1.31.7

v1.31.8

v1.31.9

v1.32.1

v1.32.3

v1.32.33-stable

v1.32.33.dev1

v1.32.4

v1.32.7

v1.32.7.dev1

v1.32.7.dev3

v1.32.7.dev5

v1.32.9

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.10

v1.34.10.dev1

v1.34.12

v1.34.13

v1.34.14

v1.34.16

v1.34.17

v1.34.18

v1.34.19

v1.34.20

v1.34.21

v1.34.21-stable

v1.34.22

v1.34.22-stable

v1.34.22.dev15-stable

v1.34.23-stable

v1.34.25

v1.34.26

v1.34.27

v1.34.28

v1.34.28.dev12

v1.34.29

v1.34.3

v1.34.33

v1.34.34

v1.34.34.dev1

v1.34.35

v1.34.36

v1.34.36.dev2

v1.34.37

v1.34.37.dev1

v1.34.38

v1.34.39

v1.34.4

v1.34.4.dev1

v1.34.4.dev2

v1.34.40

v1.34.41

v1.34.42

v1.34.5

v1.34.6

v1.34.8

v1.34.8.dev1

v1.35.0

v1.35.1

v1.35.1.dev1

v1.35.1.dev2

v1.35.10

v1.35.11

v1.35.12

v1.35.13

v1.35.14

v1.35.15

v1.35.15-stable

v1.35.16

v1.35.17

v1.35.18

v1.35.19

v1.35.2

v1.35.20

v1.35.20.dev2

v1.35.21

v1.35.21-stable

v1.35.23

v1.35.24

v1.35.24.dev1

v1.35.25

v1.35.26

v1.35.26.dev1

v1.35.28

v1.35.28.dev1

v1.35.29

v1.35.3

v1.35.30

v1.35.31

v1.35.32

v1.35.32.dev1

v1.35.33

v1.35.33.dev1

v1.35.33.dev2

v1.35.33.dev3

v1.35.34

v1.35.35

v1.35.35.dev1

v1.35.36

v1.35.36-dev2

v1.35.37

v1.35.38

v1.35.38-stable

v1.35.4

v1.35.5

v1.35.6

v1.35.7

v1.35.8

v1.35.8.dev1

v1.36.0

v1.36.1

v1.36.2

v1.36.2-stable

v1.36.3

v1.36.4

v1.36.4-stable

v1.37.0

v1.37.0.dev_version_headers

v1.37.10

v1.37.11

v1.37.12

v1.37.12-stable

v1.37.12.dev1

v1.37.13

v1.37.13-stable

v1.37.14

v1.37.16

v1.37.16-stable

v1.37.17

v1.37.19

v1.37.19-stable

v1.37.2

v1.37.20

v1.37.20.dev1

v1.37.3

v1.37.3-stable

v1.37.5

v1.37.5-stable

v1.37.6

v1.37.7

v1.37.7-stable

v1.37.9

v1.37.9-stable

v1.38.0

v1.38.0-stable

v1.38.1

v1.38.10

v1.38.11

v1.38.12

v1.38.2

v1.38.3

v1.38.4

v1.38.4-stable

v1.38.5

v1.38.7

v1.38.7-stable

v1.38.8

v1.38.8-stable

v1.39.2

v1.39.3

v1.39.4

v1.39.5

v1.39.5-stable

v1.39.6

v1.40.0

v1.40.1

v1.40.1.dev2

v1.40.1.dev4

v1.40.10

v1.40.11

v1.40.12

v1.40.13

v1.40.14

v1.40.15

v1.40.16

v1.40.17

v1.40.19

v1.40.2

v1.40.2-stable

v1.40.20

v1.40.21

v1.40.22

v1.40.24

v1.40.25

v1.40.26

v1.40.27

v1.40.28

v1.40.29

v1.40.3

v1.40.3-stable

v1.40.31

v1.40.4

v1.40.5

v1.40.6

v1.40.7

v1.40.7.dev1

v1.40.8

v1.40.8-stable

v1.40.9

v1.40.9-stable

v1.41.0

v1.41.0-stable

v1.41.1

v1.41.11

v1.41.11.dev1

v1.41.12

v1.41.13

v1.41.14

v1.41.14.dev10

v1.41.14.dev8

v1.41.15

v1.41.17

v1.41.18

v1.41.19

v1.41.2

v1.41.2-stable

v1.41.20

v1.41.21

v1.41.22

v1.41.23

v1.41.23-stable

v1.41.24

v1.41.24.dev1

v1.41.25

v1.41.26

v1.41.26.dev1

v1.41.27

v1.41.28

v1.41.3

v1.41.3.dev2

v1.41.4

v1.41.4.dev1

v1.41.5

v1.41.5.dev1

v1.41.6

v1.41.6.dev1

v1.41.7

v1.41.8

v1.41.8.dev1

v1.41.8.dev2

v1.42.0

v1.42.0-stable

v1.42.1

v1.42.10

v1.42.10-stable

v1.42.11

v1.42.12

v1.42.2

v1.42.2-stable

v1.42.3

v1.42.3-stable

v1.42.4

v1.42.4-stable

v1.42.5

v1.42.5-dev1

v1.42.5-dev2

v1.42.5-stable

v1.42.6

v1.42.7

v1.42.7-stable

v1.42.8

v1.42.9

v1.42.9-stable

v1.42.9-stable-fix

v1.42.9.dev1

v1.43.0

v1.43.1

v1.43.1-dev1

v1.43.10

v1.43.10-stable

v1.43.12

v1.43.13

v1.43.13-stable

v1.43.15

v1.43.15-stable

v1.43.16

v1.43.16-stable

v1.43.17

v1.43.18

v1.43.18-stable

v1.43.19

v1.43.19-stable

v1.43.19.dev1

v1.43.19.dev2

v1.43.2

v1.43.3

v1.43.4

v1.43.4.dev5

v1.43.5

v1.43.5-stable

v1.43.6

v1.43.6-stable

v1.43.6.dev1

v1.43.7

v1.43.7-stable

v1.43.9

v1.44.1

v1.44.2

v1.44.3

v1.44.4

v1.44.4.dev2

v1.44.5

v1.44.6

v1.44.6-stable

v1.44.7

v1.44.8

v1.7.1

v1.7.11

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6587.json"