CVE-2024-5225
📋 TL;DR
An SQL injection vulnerability in the berriai/litellm repository allows attackers to execute arbitrary SQL commands via the /global/spend/logs endpoint by manipulating the api_key parameter. This affects all users running the latest version of the repository, potentially leading to data breaches and system compromise.
💻 Affected Systems
- berriai/litellm
📦 What is this software?
Litellm by Litellm
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data exfiltration, data manipulation, privilege escalation, and denial of service through database corruption or deletion.
Likely Case
Unauthorized access to sensitive API usage logs, exposure of confidential API keys and user data, and potential lateral movement within the database.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection, though other vulnerabilities might still exist.
🎯 Exploit Status
Exploitation requires access to the vulnerable endpoint but is straightforward due to direct SQL concatenation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check repository for latest patched version
Vendor Advisory: https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
Restart Required: Yes
Instructions:
1. Update to the latest patched version from the official repository
2. Replace vulnerable SQL concatenation with parameterized queries
3. Validate and sanitize all user inputs before database operations
4. Restart the application service
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation for the api_key parameter before processing
# Add validation in your application code (needs the re module imported)
import re

# Allow only the characters a legitimate key contains; fullmatch avoids the
# trailing-newline gap that re.match with '$' would leave open
if not re.fullmatch(r'[a-zA-Z0-9_-]+', api_key):
    raise ValueError('Invalid API key format')
WAF Rule
Deploy web application firewall rules to block SQL injection patterns
# Example ModSecurity rule
SecRule ARGS:api_key "@detectSQLi" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Disable or restrict access to the /global/spend/logs endpoint using network ACLs or authentication
- Implement database-level protections: use least privilege database accounts, enable SQL injection protection features
🔍 How to Verify
Check if Vulnerable:
Review source code for SQL concatenation in /global/spend/logs endpoint handling
Check Version:
Check package.json or repository version in deployment
Verify Fix Applied:
Test with SQL injection payloads (e.g., ' OR '1'='1) against the endpoint to confirm rejection
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed login attempts with SQL-like patterns in the api_key parameter
- Unexpected database queries from application user
Network Indicators:
- HTTP requests to /global/spend/logs with SQL keywords in parameters
- Unusual database connection patterns from application server
SIEM Query:
source="application.logs" AND ("SQL syntax" OR "unexpected token" OR "api_key=*'*'*")
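The network indicator above (requests to /global/spend/logs with SQL keywords in the api_key parameter) as a small log-scanning check, added here as an example and not code from litellm or from the advisory. The log lines are constructed, the combined-log layout and the SQL signature list are assumptions, and the allowlist regex is the one from the workaround section.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic) in a common
# combined-log shape: client, timestamp, request line, status, bytes.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2024:10:00:01 +0000] "GET /global/spend/logs?api_key=sk-abc123_DEF HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2024:10:00:02 +0000] "GET /global/spend/logs?api_key=sk-abc%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812
10.0.0.9 - - [01/Jun/2024:10:00:03 +0000] "GET /health HTTP/1.1" 200 12
10.0.0.7 - - [01/Jun/2024:10:00:04 +0000] "GET /global/spend/logs?api_key=x%27%3B--%20 HTTP/1.1" 500 0
"""

# Assumed log layout; adjust the pattern to the proxy or web server in use.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Same strict allowlist as the workaround: anything outside it is suspicious.
ALLOWED_KEY = re.compile(r'[a-zA-Z0-9_-]+')
# Coarse SQL-injection signatures (assumed); a WAF rule would use a fuller set.
SQLI_HINTS = re.compile(r"(?i)(['\";]|--|/\*|\bor\b|\bunion\b|\bselect\b)")

def flag_spend_log_requests(log_text):
    """Return (ip, decoded api_key, status) for requests to /global/spend/logs
    whose api_key fails the allowlist or carries SQL metacharacters/keywords."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group('target'))
        if parts.path != '/global/spend/logs':
            continue
        # parse_qs percent-decodes the values, so the check sees the real payload
        for key in parse_qs(parts.query, keep_blank_values=True).get('api_key', []):
            if not ALLOWED_KEY.fullmatch(key) or SQLI_HINTS.search(key):
                hits.append((m.group('ip'), key, int(m.group('status'))))
    return hits

if __name__ == '__main__':
    for ip, key, status in flag_spend_log_requests(SAMPLE_LOG):
        print(f'{ip} status={status} api_key={key!r}')
```

Point it at the proxy's real access log and route the hits to the SIEM alongside the query above; a 500 on a flagged request is worth immediate triage.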