All intelligence
// vulnerability record
live · NVDCVE-2024-10188
HIGHpublished 2025-03-20 10:15 UTC · 1 year ago · modified 2026-06-17 06:55 UTC
7.5
CVSS / 10
// description
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
// cvss 3.0 vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
// weaknesses (CWE)
- CWE-400