AI Threat Alert
Published March 20, 2025
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| litellm | pip | < 1.53.1.dev1 | 1.53.1.dev1 |
Do you use litellm? You're affected.
Severity & Risk
CVSS 3.1
7.5 / 10
EPSS
0.1%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
Patch available
Update litellm to version 1.53.1.dev1
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
Weaknesses (CWE)
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References
- github.com/advisories/GHSA-gw2q-qw9j-rgv7
- github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c
- huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b
- nvd.nist.gov/vuln/detail/CVE-2024-10188
- github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c
- huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b
Timeline
Published
March 20, 2025
Last Modified
March 20, 2025
First Seen
March 20, 2025