Jaydns

**Name of the Vulnerable Software and Affected Versions** Sentry versions 21.12.0 through 26.4.0 **Description** A flaw in the SAML SSO implementation allows attackers to take over user accounts in multi-org instances through malicious Identity Providers. If a victim's email is known, an attacker can bypass authentication and link identities to gain unauthorized access. **Recommendations** Upgrade to version 26.4.1.

**Name of the Vulnerable Software and Affected Versions** LiteLLM versions 1.81.16 through 1.83.6 **Description** An unauthenticated SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixed caller-supplied key values directly into the query text instead of using parameterized queries. An attacker can exploit this by sending a specially crafted `Authorization` header to any LLM API route, such as 'POST /chat/completions', reaching the vulnerable query through the proxy's error-handling path. This allows an attacker to read or modify data within the proxy's database, specifically targeting tables like `litellm credentials`, `litellm config`, and `LiteLLM VerificationToken`, which can lead to the theft of provider credentials and API keys for services like OpenAI, Anthropic, and AWS Bedrock. Real-world incidents occurred within 36 hours of disclosure, with attackers using `UNION SELECT` payloads to extract sensitive information. **Recommendations** Update LiteLLM to version 1.83.7 or higher. As a temporary workaround, set `disable error logs: true` under `general settings` to remove the path that allows unauthenticated input to reach the vulnerable query. Immediately revoke and regenerate all AI API keys and audit IAM roles for unauthorized activity if the instance was publicly exposed.

**Name of the Vulnerable Software and Affected Versions** LiteLLM versions 1.80.5 through 1.83.6 **Description** The 'POST /prompts/test' endpoint accepts user-supplied prompt templates and renders them without sandboxing. An authenticated user with a valid proxy API key can provide a crafted template to execute arbitrary code within the LiteLLM Proxy process. This may lead to the exposure of environment secrets, such as database credentials or provider API keys, and allow the execution of commands on the host system. **Recommendations** Update to version 1.83.7. Block the 'POST /prompts/test' endpoint at the reverse proxy or API gateway. Review and rotate API keys that should not have access to prompt management routes.

**Name of the Vulnerable Software and Affected Versions** Cal.com versions 3.1.6 through 6.0.6 **Description** Cal.com, an open-source scheduling software, has a critical flaw in a custom NextAuth JWT callback. This issue allows attackers to gain full authenticated access to any user's account by supplying a target email address via the `session.update()` function. The vulnerability bypasses protections at the session token level, potentially enabling account takeover, including access to bookings, integrations, organizational access, billing, and administrative privileges. Approximately 7,000 instances are potentially affected. The issue allows attackers to overwrite identity fields during the `session.update()` process and impersonate any user. Two-factor authentication and identity providers do not prevent this post-authentication session hijack. The vulnerability is related to unvalidated email input in the `session.update()` function. **Recommendations** Cal.com versions 3.1.6 through 6.0.6 must be upgraded to version 6.0.7 or later to resolve this issue.