漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LiteLLM: Authentication Bypass via Host Header Injection
Vulnerability Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0.
CVSS Information
N/A
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Berri AI LiteLLM 授权问题漏洞
Vulnerability Description
BerriAI litellm是BerriAI的人工智能。 Berri AI LiteLLM 1.84.0之前版本存在授权问题漏洞,该漏洞源于CWE-290授权问题,可能导致攻击者绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A