{ "id": "CVE-2024-10188", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:14.993", "lastModified": "2025-03-20T10:15:14.993", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server." }, { "lang": "es", "value": "Una vulnerabilidad en BerriAI/litellm, a partir del commit 26c03c9, permite a usuarios no autenticados causar una denegaci\u00f3n de servicio (DoS) al explotar el uso de ast.literal_eval para analizar la entrada del usuario. Esta funci\u00f3n no es segura y es propensa a ataques DoS, que pueden colapsar el servidor Python de litellm." } ], "metrics": { "cvssMetricV30": [ { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security@huntr.dev", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-400" } ] } ], "references": [ { "url": "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c", "source": "security@huntr.dev" }, { "url": "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b", "source": "security@huntr.dev" } ] }