CVE-2024-6587 PoC — LiteLLM Code Issue Vulnerability

Source
Associated Vulnerability
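Title: LiteLLM Code Issue Vulnerability (CVE-2024-6587)
Description: LiteLLM is an open-source application from LiteLLM that lets you call all LLM APIs using the OpenAI format. LiteLLM version 1.38.10 contains a code issue vulnerability that stems from its susceptibility to server-side request forgery: users can specify a parameter when sending a request, causing the application to send the request to the specified domain, which may lead to unauthorized access and potential misuse of API keys.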
Description
LiteLLM is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability that exposes OpenAI API keys.
File Snapshot

id: CVE-2024-6587
info:
  name: LiteLLM - Server-Side Request Forgery
  author: pdresearch,iamnoooo
...