漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
BerriAI litellm Admin Key key_management_endpoints.py improper authorization
Vulnerability Description
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
litellm 权限许可和访问控制问题漏洞
Vulnerability Description
LiteLLM是LiteLLM团队开源的一个应用程序。 litellm 1.63.0版本和1.63.1版本存在安全漏洞,该漏洞源于Admin Key Handler组件中文件litellm/proxy/management_endpoints/key_management_endpoints.py存在授权问题,可能导致经过身份验证的攻击者远程发起攻击。
CVSS Information
N/A
Vulnerability Type
N/A