CVE-2024-6825 Information

Description

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the ‘post_call_rules’ configuration where a callback function can be added. The provided value is split at the final ‘.’ mark with the last part considered the function name and the remaining part appended with the ‘.py’ extension and imported. This allows an attacker to set a system method such as ‘os.system’ as a callback enabling the execution of arbitrary commands when a chat response is processed.

Reference

https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5