PT-2024-35137 · Unknown · Berriai/Litellm

Published: 2024-06-06 · Updated: 2024-09-23 · CVE-2024-5225

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: berriai/litellm repository (affected versions not specified)
Description: An SQL injection issue exists due to improper neutralization of special elements used in an SQL command. The affected code builds an SQL query by concatenating an unvalidated API key parameter directly into the query text, so a request whose API key contains SQL metacharacters changes the meaning of the query rather than being treated as a literal value. This issue affects the /global/spend/logs endpoint. Successful exploitation could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).
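The following is an added illustration of the flaw class described above, not LiteLLM's code: the table name, columns and sample rows are constructed for the example, and the two functions show the concatenated query pattern the advisory describes beside the parameterized form that removes it. The crafted key is only used to show that the concatenated query matches every row while the bound-parameter query matches none.

```python
import sqlite3

# Constructed sample data (hypothetical schema, not LiteLLM's): one row per API key.
SAMPLE_ROWS = [
    ("sk-alice", 1.50),
    ("sk-bob", 42.00),
    ("sk-carol", 3.25),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed spend log rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE spend_logs (api_key TEXT, spend REAL)")
    conn.executemany("INSERT INTO spend_logs VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def spend_logs_concatenated(conn: sqlite3.Connection, api_key: str) -> list:
    """Vulnerable pattern: the caller-supplied key is spliced into the SQL text,
    so quote characters in the key become part of the query's syntax."""
    query = f"SELECT api_key, spend FROM spend_logs WHERE api_key = '{api_key}'"
    return conn.execute(query).fetchall()


def spend_logs_parameterized(conn: sqlite3.Connection, api_key: str) -> list:
    """Hardened pattern: the key travels as a bound parameter and is only ever
    compared as a string value, whatever characters it contains."""
    query = "SELECT api_key, spend FROM spend_logs WHERE api_key = ?"
    return conn.execute(query, (api_key,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed key containing SQL metacharacters
    print(spend_logs_concatenated(conn, "sk-alice"))   # one matching row
    print(spend_logs_concatenated(conn, crafted))      # every row in the table
    print(spend_logs_parameterized(conn, crafted))     # no row has that literal key
```

The detection-side takeaway is the same as the fix: any query whose text is assembled from request data (f-strings, `%` formatting, `+` concatenation) is the pattern to flag in review, and the parameter-binding form is what the fix should look like regardless of which database driver the service uses.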
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-5225
GHSA-H6M6-JJ8V-94JJ

Affected Products

Berriai/Litellm