litellm@1.91.3

Library to easily interface with LLM API providers

  • latest version

    1.93.0.dev3

  • first published

    2 years ago

  • latest version published

    2 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the litellm package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insufficient Session Expiration

    litellm is a Library to easily interface with LLM API providers

    Affected versions of this package are vulnerable to Insufficient Session Expiration in the get_redirect_response_from_openid() function of the SSO Authentication Flow process. An attacker can cause premature session termination by manipulating authentication responses remotely, potentially leading to unauthorized session expiration and disruption of user access.

    How to fix Insufficient Session Expiration?

    There is no fixed version for litellm.

    [0,)
    • M
    Missing Authentication for Critical Function

    litellm is a Library to easily interface with LLM API providers

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /sso/debug/login and /sso/debug/callback endpoints in the SSO Debug Flow. An attacker can gain unauthorized access and potentially manipulate sensitive information by sending crafted requests to the affected endpoint.

    How to fix Missing Authentication for Critical Function?

    There is no fixed version for litellm.

    [0,)
    • H
    Insufficient Session Expiration

    litellm is a Library to easily interface with LLM API providers

    Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticate_user function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session management flaws.

    How to fix Insufficient Session Expiration?

    There is no fixed version for litellm.

    [0,)