Описание
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
Уязвимые конфигурации
Конфигурация 1Версия до 1.65.4 (исключая)
Одно из
cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
cpe:2.3:a:litellm:litellm:1.65.4:dev2:*:*:*:*:*:*
cpe:2.3:a:litellm:litellm:1.65.4:dev6:*:*:*:*:*:*
cpe:2.3:a:litellm:litellm:1.65.4:dev8:*:*:*:*:*:*
cpe:2.3:a:litellm:litellm:1.65.4:nightly:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00202
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
11 месяцев назад
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
EPSS
Процентиль: 42%
0.00202
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
NVD-CWE-noinfo