Vulnerability	Vulnerable Version
C User Impersonation litellm-proxy-extras is an Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the `Host` header during HTTP requests. An attacker can gain unauthorized access to protected management routes by crafting a malicious `Host` header that causes the authentication layer to evaluate a different route than intended. Note: This is only exploitable if there is no upstream component (such as a CDN, WAF, reverse proxy with explicit server name allowlists, or host-based load balancer) validating or normalizing the `Host` header before forwarding requests. How to fix User Impersonation? Upgrade `litellm-proxy-extras` to version 0.4.72 or higher.	[,0.4.72)

User Impersonation

litellm-proxy-extras is an Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package.

Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to protected management routes by crafting a malicious Host header that causes the authentication layer to evaluate a different route than intended.

Note: This is only exploitable if there is no upstream component (such as a CDN, WAF, reverse proxy with explicit server name allowlists, or host-based load balancer) validating or normalizing the Host header before forwarding requests.

How to fix User Impersonation?

Upgrade litellm-proxy-extras to version 0.4.72 or higher.

[,0.4.72)

Go back to all versions of this package