CVE-2024-9606

High CVSS: 7.5

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.

Vendor

Litellm

Product

Litellm

CWE

CWE-117

Yayın Tarihi

2025-03-20 10:15:49

Güncelleme

2025-04-07 14:50:05

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-117 Litellm HIGH Litellm 2025

Referanslar

https://github.com/berriai/litellm/commit/9094071c4782183e84f10630e2450be3db55509a https://huntr.com/bounties/4a03796f-a8d4-4293-84ef-d3959456223a

Benzer Kayıtlar

Medium

CVE-2025-45809

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key…

High

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc…

High

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited b…

High

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the hand…