GHSA-53gh-p8jc-7rg8

Source

https://github.com/advisories/GHSA-53gh-p8jc-7rg8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-53gh-p8jc-7rg8/GHSA-53gh-p8jc-7rg8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-53gh-p8jc-7rg8

Aliases

CVE-2024-6825

Published

2025-03-20T12:32:45Z

Modified

2025-03-20T20:32:11.331808Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

LiteLLM Vulnerable to Remote Code Execution (RCE)

Details

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.

Database specific

{
    "nvd_published_at": "2025-03-20T10:15:33Z",
    "cwe_ids": [
        "CWE-77"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-20T19:55:11Z"
}

References

Affected packages

PyPI / litellm

Package

Name: litellm; View open source insights on deps.dev
Purl: pkg:pypi/litellm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.40.3.dev2

Last affected

1.40.12

Affected versions

1.*

1.40.3

1.40.4

1.40.5

1.40.6

1.40.7

1.40.8

1.40.9

1.40.10

1.40.11

1.40.12