CVE-2024-4890
📋 TL;DR
A blind SQL injection vulnerability in berriai/litellm's '/team/update' endpoint allows attackers to inject malicious SQL through the 'user_id' parameter. This could lead to unauthorized access to sensitive database information including API keys, user data, and tokens. Organizations using litellm version 1.27.14 are affected.
💻 Affected Systems
- berriai/litellm
📦 What is this software?
Litellm by Litellm
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to theft of all API keys, user credentials, and sensitive tokens, potentially enabling lateral movement and full system takeover.
Likely Case
Extraction of sensitive API keys and user information, leading to unauthorized API usage, data breaches, and potential account compromise.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only affecting non-sensitive data or failing due to query constraints.
🎯 Exploit Status
Exploitation requires access to the '/team/update' endpoint but SQL injection is straightforward once endpoint access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.27.15 or later
Vendor Advisory: https://github.com/BerriAI/litellm/security/advisories
Restart Required: Yes
Instructions:
1. Update litellm to version 1.27.15 or later using 'pip install --upgrade litellm'.
2. Restart the litellm service.
3. Verify the update with 'litellm --version'.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation for the 'user_id' parameter so that only the expected format is accepted
# In your litellm configuration or middleware, add validation that runs
# before the value reaches any database query.
def validate_user_id(user_id) -> bool:
    """Accept only a positive integer string (numeric and within the expected range)."""
    return isinstance(user_id, str) and user_id.isdigit() and int(user_id) >= 1

# In the request handler, reject the request when validation fails:
# if not validate_user_id(user_id):
#     return error_response
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns
# Example ModSecurity rule:
SecRule ARGS:user_id "@detectSQLi" \
"id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
# Cloudflare WAF: Enable SQL Injection protection in firewall rules
🧯 If You Can't Patch
- Implement strict network segmentation to isolate litellm instances from sensitive databases
- Deploy database monitoring and alerting for unusual SQL query patterns
🔍 How to Verify
Check if Vulnerable:
Check whether you are running litellm version 1.27.14, and review the code for raw SQL queries in the '/team/update' endpoint
Check Version:
litellm --version
Verify Fix Applied:
Verify that the litellm version is 1.27.15 or later, and test the '/team/update' endpoint with SQL injection payloads
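The version check above is easy to get wrong if versions are compared as strings. The following is an added example (not code from the advisory or from the litellm project) that extracts the installed litellm version, or a version number from text such as the output of 'litellm --version' (whose exact wording is not assumed), and compares it numerically against the 1.27.15 patch boundary stated above; anything older is treated as not carrying the fix.

```python
import re
from importlib import metadata

# Patch boundary taken from the advisory above: 1.27.15 or later carries the fix.
PATCHED_VERSION = "1.27.15"


def parse_version(text: str) -> tuple:
    """Extract the first MAJOR.MINOR.PATCH triple from a string as a tuple of ints.

    Works on a bare version ("1.27.14") or on text that contains one, such as the
    output of 'litellm --version' (this example does not assume its exact wording).
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version_text: str) -> bool:
    """True when the version is 1.27.15 or later.

    Tuples compare numerically, so 1.9.x is correctly treated as older than
    1.27.15; a plain string comparison would rank "1.9.99" above "1.27.15".
    """
    return parse_version(version_text) >= parse_version(PATCHED_VERSION)


def installed_litellm_version():
    """Version of the litellm package in this environment, or None if not installed."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    installed = installed_litellm_version()
    if installed is None:
        print("litellm is not installed in this environment")
    elif is_patched(installed):
        print(f"litellm {installed}: at or above {PATCHED_VERSION}, fix present")
    else:
        print(f"litellm {installed}: below {PATCHED_VERSION}, update required")
```

Run it inside the same virtual environment the litellm service uses; a check run from a different interpreter reports the wrong package.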
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed authentication attempts followed by '/team/update' requests
- Unexpected database queries from litellm application
Network Indicators:
- Unusual traffic patterns to '/team/update' endpoint
- SQL injection patterns in HTTP requests
SIEM Query:
source="litellm_logs" AND (uri_path="/team/update" AND (message="*SQL*" OR message="*syntax*" OR message="*error*"))
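For environments without a SIEM, the same logic as the query above can be run directly over application logs. The following is an added example (not code from the advisory or from the litellm project) that parses constructed sample log lines in an assumed format, flags requests to '/team/update' whose message contains a database error keyword, and counts flagged requests per client address, since repeated errors from one source are the stronger signal. The log line format and the sample entries are constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines for this example (not real litellm output).
# Assumed line format: "<timestamp> <client_ip> <method> <uri_path> <status> msg=<message>"
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z 10.0.0.5 POST /team/update 200 msg=team updated
2024-05-01T10:00:02Z 10.0.0.9 POST /team/update 500 msg=syntax error at or near "'"
2024-05-01T10:00:03Z 10.0.0.9 POST /team/update 500 msg=SQL error: unterminated quoted string
2024-05-01T10:00:04Z 10.0.0.7 GET /health 200 msg=ok
2024-05-01T10:00:05Z 10.0.0.9 POST /team/update 200 msg=team updated
2024-05-01T10:00:06Z 10.0.0.3 POST /key/generate 500 msg=internal error
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) msg=(?P<msg>.*)$"
)
WATCHED_PATH = "/team/update"
# Same terms as the SIEM query's message="*SQL*" OR "*syntax*" OR "*error*" clause;
# matched case-insensitively so "SQL" and "sql" both count.
KEYWORDS = ("sql", "syntax", "error")


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client_ip: str
    status: int
    message: str


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_hits(log_text: str) -> list:
    """Flag requests to the watched path whose message carries a database error keyword."""
    hits = []
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if not fields or fields["path"] != WATCHED_PATH:
            continue
        msg = fields["msg"].lower()
        if any(keyword in msg for keyword in KEYWORDS):
            hits.append(Hit(fields["ts"], fields["ip"], int(fields["status"]), fields["msg"]))
    return hits


def hits_by_client(hits) -> dict:
    """Count flagged requests per client IP."""
    return dict(Counter(h.client_ip for h in hits))


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOGS)
    for h in found:
        print(f"{h.timestamp} {h.client_ip} HTTP {h.status}: {h.message}")
    print("per-client counts:", hits_by_client(found))
```

Note that the '/key/generate' error in the sample is deliberately not flagged: the query scopes on uri_path first, which keeps unrelated application errors out of the alert.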