Vulnerability	Vulnerable Version
H Arbitrary Command Injection litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Command Injection through the `post_call_rules` configuration. An attacker can execute arbitrary commands by setting a system method, such as `os.system`, as a callback, which is executed when a chat response is processed. How to fix Arbitrary Command Injection? Upgrade `litellm` to version 1.65.5 or higher.	[,1.65.5)
H Exposure of Sensitive Information Through Metadata litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata due to an issue in `proxy_server.py`. An attacker can obtain sensitive information, including API keys, by triggering error conditions during the parsing of team settings. How to fix Exposure of Sensitive Information Through Metadata? Upgrade `litellm` to version 1.65.5 or higher.	[,1.65.5)

Arbitrary Command Injection

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Arbitrary Command Injection through the post_call_rules configuration. An attacker can execute arbitrary commands by setting a system method, such as os.system, as a callback, which is executed when a chat response is processed.

How to fix Arbitrary Command Injection?

Upgrade litellm to version 1.65.5 or higher.

[,1.65.5)

Exposure of Sensitive Information Through Metadata

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata due to an issue in proxy_server.py. An attacker can obtain sensitive information, including API keys, by triggering error conditions during the parsing of team settings.

How to fix Exposure of Sensitive Information Through Metadata?

Upgrade litellm to version 1.65.5 or higher.

[,1.65.5)

Go back to all versions of this package