Severity: High

Package: litellm

Unauthenticated Denial of Service via ast.literal_eval

An unauthenticated Denial of Service (DoS) vulnerability was discovered in the litellm server, affecting the version at git commit 26c03c9. The issue arises from the server's use of ast.literal_eval to parse user-supplied input, which can be exploited to crash the server. The vulnerability has not yet been patched.

Available publicly on Nov 28 2024

CVSS score: 7.5

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: oicu0619
Remediation Steps
  1. Avoid using ast.literal_eval to parse user input, especially from unauthenticated users.
  2. Implement proper input validation and sanitization to ensure that only safe data is processed.
  3. Consider using safer alternatives for parsing user input, such as json.loads for JSON data.
  4. Apply patches or updates once they are available from the maintainers of litellm.
  5. Monitor server logs for unusual activity and potential exploitation attempts.
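As an added illustration of steps 1 to 3 (example code, not litellm's own code or the advisory's), the parsing pattern the advisory describes beside a hardened replacement. The 64 KiB size cap, the expected-type check and the function names are assumptions made for this example.

```python
import ast
import json
from typing import Any

# Illustrative upper bound on accepted input; a real service should size this
# to the payloads it actually expects (assumed value, not from the advisory).
MAX_INPUT_BYTES = 64 * 1024


def parse_vulnerable(raw: str) -> Any:
    """The pattern the advisory describes: untrusted text fed to ast.literal_eval.

    literal_eval does not execute code, but the Python docs note that it can
    still exhaust the interpreter's stack on sufficiently complex input, so an
    unauthenticated caller can take the whole server process down.
    """
    return ast.literal_eval(raw)


def parse_hardened(raw: str, expected_type: type = dict) -> Any:
    """Hardened replacement: bounded size, strict JSON, checked shape."""
    if not isinstance(raw, str):
        raise ValueError("input must be a string")
    if len(raw.encode("utf-8")) > MAX_INPUT_BYTES:
        raise ValueError("input exceeds size limit")
    try:
        value = json.loads(raw)
    except (json.JSONDecodeError, RecursionError) as exc:
        # RecursionError covers pathologically nested documents that fit under
        # the size cap; treat them as malformed input rather than a fatal error.
        raise ValueError("input is not valid JSON") from exc
    if not isinstance(value, expected_type):
        raise ValueError(
            f"expected {expected_type.__name__}, got {type(value).__name__}"
        )
    return value


def is_accepted(raw: str, expected_type: type = dict) -> bool:
    """True if parse_hardened accepts the input, False if it rejects it."""
    try:
        parse_hardened(raw, expected_type)
        return True
    except ValueError:
        return False
```

Note that Python-literal syntax such as single-quoted keys, which ast.literal_eval accepts, is rejected by the JSON parser; callers that relied on it need to send proper JSON.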
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A