Описание
LiteLLM Has a Leakage of Langfuse API Keys
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
Пакеты
Наименование
litellm
pip
Затронутые версииВерсия исправления
<= 1.52.1
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
11 месяцев назад
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.