PT-2025-12027 · Berriai · Berriai/Litellm

Published: 2025-03-20 · Updated: 2025-04-27 · CVE-2024-10188

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version as of commit 26c03c9

Description: The issue allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of `ast.literal_eval` to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.

Recommendations: For BerriAI/litellm version as of commit 26c03c9, consider disabling the use of `ast.literal_eval` for parsing user input until a patch is available. Restrict access to the litellm Python server to minimize the risk of exploitation. Avoid using `ast.literal_eval` to parse untrusted input in the affected server.
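Where `ast.literal_eval` cannot simply be removed, one defensive pattern is to bound what it is allowed to see: cap the input size, parse it once, and walk the tree iteratively to enforce node-type, depth and node-count limits before evaluating. The wrapper below is an added example written for this advisory, not litellm's code or its fix; the limit values and the name `safe_literal_eval` are assumptions (Python 3.8+ for `ast.Constant`).

```python
import ast

# Constructed limits for illustration (not from the advisory); tune per deployment.
MAX_INPUT_BYTES = 4096
MAX_DEPTH = 8
MAX_NODES = 512

# The only node types a plain literal needs (complex-number BinOp deliberately excluded).
_ALLOWED = (ast.Expression, ast.Constant, ast.Tuple, ast.List, ast.Set,
            ast.Dict, ast.UnaryOp, ast.USub, ast.UAdd, ast.Load)


class UnsafeLiteral(ValueError):
    """Input failed the size or shape checks and was never evaluated."""


def safe_literal_eval(text: str):
    """Like ast.literal_eval, but bounded in size, depth and node count."""
    # 1. Cheap byte-length check before any parsing work is spent on the input.
    if len(text.encode("utf-8")) > MAX_INPUT_BYTES:
        raise UnsafeLiteral("input too large")
    # 2. Parse once, as an expression only; parser failures become one error type.
    try:
        tree = ast.parse(text, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise UnsafeLiteral(f"unparsable: {type(exc).__name__}") from None
    # 3. Iterative walk (no Python recursion) enforcing type, depth and count.
    count = 0
    stack = [(tree, 0)]
    while stack:
        node, depth = stack.pop()
        count += 1
        if count > MAX_NODES:
            raise UnsafeLiteral("too many nodes")
        if depth > MAX_DEPTH:
            raise UnsafeLiteral("nesting too deep")
        if not isinstance(node, _ALLOWED):
            raise UnsafeLiteral(f"disallowed node {type(node).__name__}")
        for child in ast.iter_child_nodes(node):
            stack.append((child, depth + 1))
    # 4. Only a validated tree reaches literal_eval.
    return ast.literal_eval(tree)


def rejects(text: str) -> bool:
    """True when the wrapper refuses the input (useful for tests and monitoring)."""
    try:
        safe_literal_eval(text)
    except UnsafeLiteral:
        return True
    return False
```

Rejected inputs are worth logging with the reason string, since a burst of "nesting too deep" or "input too large" rejections from one client is a useful detection signal.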

Status: Fix · Tags: DoS, Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2024-10188
GHSA-GW2Q-QW9J-RGV7

Affected Products

Berriai/Litellm