Platform: python
Component: litellm
Fixed in: 1.44.8 (1.44.9 also listed)
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the berriai/litellm Python library, affecting versions up to 1.9.dev0. The flaw lets an attacker intercept sensitive information, notably the OpenAI API key configured for litellm. It arises from improper handling of the api_base parameter in the /chat/completions endpoint: the caller-supplied value is used as the destination of the upstream request without being validated. A fix is available in version 1.44.8.
The SSRF allows an attacker to control the destination of requests the application makes on the caller's behalf. By supplying an api_base of their choosing in a /chat/completions request, the attacker redirects the upstream call to a server they control. Crucially, that upstream request carries the OpenAI API key litellm is configured with, so the attacker's server simply logs the key as it arrives. With the key in hand the attacker can use the OpenAI API as the application, which covers any data the application sends through that API as well as the cost and abuse potential of unauthorized model usage.
This vulnerability is publicly known and documented in the CVE database. While no active exploitation campaigns have been definitively linked to CVE-2024-6587 at the time of writing, the SSRF nature of the vulnerability makes it a potential target for opportunistic attackers. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was published on 2024-09-13.
Exploit Status
EPSS: 88.37% (99th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-6587 is to upgrade to litellm 1.44.8 or later (`pip install --upgrade litellm`, or pin `litellm>=1.44.8` in your requirements). If an immediate upgrade is not feasible because of compatibility issues, validate the api_base parameter before it is used and accept only an explicit allowlist of upstream hosts; a Web Application Firewall (WAF) can additionally block /chat/completions requests whose api_base points anywhere other than the expected provider. Monitor application logs for outbound requests to unexpected domains, since each such request may be carrying the API key. After upgrading, confirm the fix by sending a /chat/completions request with an api_base pointing at a host you control and verifying that no request, and in particular no API key, arrives there.
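The pattern behind the flaw and the allowlist workaround from the mitigation section, as an added example that is not litellm's own code: a proxy-style handler that takes `api_base` from the request body and forwards the upstream call with its own OpenAI key. `build_upstream_request_vulnerable` trusts the value as-is, `validate_api_base` enforces https, an exact hostname allowlist, no embedded credentials and no literal IP addresses, and `suspicious_outbound` applies the same allowlist to log lines. The API key, hostnames, the `outbound POST <url>` log format and the `ALLOWED_API_HOSTS` set are all constructed assumptions for this example.

```python
"""Added example, not litellm's code: allowlisting a caller-supplied api_base."""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlsplit, urlunsplit

OPENAI_API_KEY = "sk-constructed-example-key"      # constructed, not a real key
DEFAULT_API_BASE = "https://api.openai.com/v1"
# Assumption: the only upstream this deployment should ever talk to.
ALLOWED_API_HOSTS = frozenset({"api.openai.com"})


class ApiBaseRejected(ValueError):
    """Raised when a caller-supplied api_base fails the allowlist checks."""


def build_upstream_request_vulnerable(body: dict) -> dict:
    """The flawed pattern: whatever api_base the caller sent becomes the
    destination, and the outbound request still carries our API key."""
    api_base = body.get("api_base", DEFAULT_API_BASE)
    return {
        "url": api_base.rstrip("/") + "/chat/completions",
        "headers": {"Authorization": f"Bearer {OPENAI_API_KEY}"},
    }


def validate_api_base(api_base: str, allowed_hosts=ALLOWED_API_HOSTS) -> str:
    """Return a normalised https URL for api_base, or raise ApiBaseRejected.

    Exact hostname matching means 'api.openai.com.evil.test' is rejected,
    and the literal-IP check keeps 127.0.0.1 / 169.254.169.254-style targets
    out even if the allowlist is later widened carelessly.
    """
    parts = urlsplit(api_base)
    if parts.scheme != "https":
        raise ApiBaseRejected(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise ApiBaseRejected("credentials in api_base not allowed")
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)          # hostname strips IPv6 brackets
    except ValueError:
        pass                                # not an IP literal: fine
    else:
        raise ApiBaseRejected("literal IP addresses not allowed")
    if host not in allowed_hosts:
        raise ApiBaseRejected(f"host {host!r} not on allowlist")
    if parts.port not in (None, 443):
        raise ApiBaseRejected(f"port {parts.port} not allowed")
    return urlunsplit(("https", host, parts.path.rstrip("/"), "", ""))


def is_allowed_api_base(api_base: str) -> bool:
    """Boolean convenience wrapper around validate_api_base."""
    try:
        validate_api_base(api_base)
    except ApiBaseRejected:
        return False
    return True


def build_upstream_request_hardened(body: dict) -> dict:
    """Same handler, but the destination must pass the allowlist first."""
    api_base = validate_api_base(body.get("api_base", DEFAULT_API_BASE))
    return {
        "url": api_base + "/chat/completions",
        "headers": {"Authorization": f"Bearer {OPENAI_API_KEY}"},
    }


# Assumed log format for the monitoring step: "... outbound POST <url> ..."
OUTBOUND_LOG_RE = re.compile(r"outbound (?:POST|GET) (?P<url>\S+)")


def suspicious_outbound(log_lines, allowed_hosts=ALLOWED_API_HOSTS):
    """Return (host, line) for each outbound request to a non-allowlisted host."""
    hits = []
    for line in log_lines:
        m = OUTBOUND_LOG_RE.search(line)
        if not m:
            continue
        host = (urlsplit(m.group("url")).hostname or "").lower()
        if host not in allowed_hosts:
            hits.append((host, line))
    return hits


if __name__ == "__main__":
    attacker_body = {"api_base": "https://attacker.test"}   # constructed request
    print("vulnerable:", build_upstream_request_vulnerable(attacker_body)["url"])
    try:
        build_upstream_request_hardened(attacker_body)
    except ApiBaseRejected as exc:
        print("hardened rejected:", exc)
    sample_logs = [   # constructed log lines
        "2024-09-13T10:00:00Z outbound POST https://api.openai.com/v1/chat/completions 200",
        "2024-09-13T10:00:05Z outbound POST https://attacker.test/chat/completions 200",
    ]
    print("suspicious:", suspicious_outbound(sample_logs))
```

The allowlist deliberately compares the full hostname rather than a suffix, and the port check closes the `https://api.openai.com:8443` variant; if your deployment legitimately targets an Azure or self-hosted endpoint, add that exact hostname to `ALLOWED_API_HOSTS` rather than loosening the match.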
CVE-2024-6587 is a Server-Side Request Forgery (SSRF) vulnerability in the berriai/litellm Python library, allowing attackers to intercept OpenAI API keys.
You are affected if you are using litellm version 1.9.dev0 or earlier. Upgrade to 1.44.8 or later to mitigate the risk.
Upgrade to version 1.44.8 or later of the litellm library. Consider input validation and WAF rules as temporary workarounds.
While no confirmed active exploitation campaigns are known, the SSRF nature of the vulnerability makes it a potential target.
Refer to the litellm project's repository and associated security advisories for the most up-to-date information.