Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of Sensitive Information in berriai/litellm
Vulnerability Description
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
CVSS Information
N/A
Vulnerability Type
CWE-1230
Vulnerability Title
LiteLLM 安全漏洞
Vulnerability Description
LiteLLM是Berri AI开源的一个应用程序。可以使用 OpenAI 格式调用所有 LLM API。 LiteLLM v1.52.1版本存在安全漏洞,该漏洞源于解析团队设置时错误导致Langfuse API密钥泄露,可能导致敏感信息暴露。
CVSS Information
N/A
Vulnerability Type
N/A