mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.2 KiB
1.2 KiB
CVE-2024-4888
Description
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where os.remove(file.filename) is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.
POC
Reference
No PoCs from references.