Filtered by vendor Berriai
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6587 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2024-09-20 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key. | ||||
| CVE-2024-42679 | 2 Berriai, Cysoft168 | 2 Litellm, Super Easy Enterprise Management System | 2024-09-06 | 7.8 High |
| SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. | ||||
Page 1 of 1.