漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
Vulnerability Description
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
LiteLLM 授权问题漏洞
Vulnerability Description
LiteLLM是LiteLLM团队开源的一个应用程序。 LiteLLM存在授权问题漏洞,该漏洞源于MCP Proxy组件中文件litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py的函数UserAPIKeyAuth操作问题,可能导致身份验证不当。以下版本受到影响:1.59.0版本、1.59.1版本、1.59.2版本、1.59.3版本、1.59.4版本、1.59.5版本、1.59.6版本、1.59.7版本和1.59.8版本。
CVSS Information
N/A
Vulnerability Type
N/A