CVE-2024-9606
HIGHDescription
In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.
Is your site exposed to CVE-2024-9606?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| litellm | litellm |
References
Frequently Asked Questions
What is CVE-2024-9606? +
How severe is CVE-2024-9606? +
What products are affected by CVE-2024-9606? +
How do I check if I'm vulnerable to CVE-2024-9606? +
Related Vulnerabilities
The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into …
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that …
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or …
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue …
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 …
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable …