Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

LiteLLM SQL Injection Vulnerability in Proxy API Key Verification

Vulnerability

A SQL injection vulnerability has been identified in LiteLLM, a proxy server that exposes LLM provider APIs in the OpenAI request format. The issue affects versions from 1.81.16 up to, but not including, 1.83.7. The database query used to verify proxy API keys concatenated the user-supplied key value into the SQL text instead of passing it as a bound parameter, so quoting and operator characters in the key are interpreted as SQL. An unauthenticated attacker can trigger the flaw by sending a crafted Authorization header to any LLM API route, such as POST /chat/completions; the crafted value reaches the vulnerable query through the proxy's error-handling path, not through a successful authentication. Successful exploitation allows the attacker to read, and potentially modify, data in the proxy's database, leading to unauthorized access to the proxy and the credentials it manages.
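The following is an added illustration of the bug class described above and is not LiteLLM's code: it stands in a SQLite key table for the proxy's database, uses constructed sample keys, and names the table, columns and helper functions hypothetically. It places the concatenating lookup beside the parameterized one and feeds both the same crafted Authorization header, so the difference in what each returns is visible.

```python
import sqlite3

# Added illustration of the bug class, not LiteLLM's code.
# Table name, columns, helper names and sample keys are constructed for this example.
SAMPLE_KEYS = [("sk-alice-0001", "alice"), ("sk-bob-0002", "bob")]


def make_db():
    """Create an in-memory key store holding two constructed proxy API keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE proxy_keys (token TEXT PRIMARY KEY, user_id TEXT)")
    conn.executemany("INSERT INTO proxy_keys VALUES (?, ?)", SAMPLE_KEYS)
    return conn


def key_from_authorization(header_value):
    """Extract the bearer token from an Authorization header value (hypothetical helper)."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("unsupported authorization scheme")
    return token.strip()


def verify_key_concatenated(conn, api_key):
    """Vulnerable pattern: the key is spliced into the SQL text, so it can change the query."""
    sql = f"SELECT token, user_id FROM proxy_keys WHERE token = '{api_key}'"
    return conn.execute(sql).fetchall()


def verify_key_parameterized(conn, api_key):
    """Fixed pattern: the key travels as a bound parameter and is never parsed as SQL."""
    return conn.execute(
        "SELECT token, user_id FROM proxy_keys WHERE token = ?", (api_key,)
    ).fetchall()


# Constructed attacker header: the tautology makes the WHERE clause match every row,
# which is how a key-verification query turns into a dump of every stored key.
INJECTED_HEADER = "Bearer x' OR '1'='1"
# Constructed legitimate header for comparison.
VALID_HEADER = "Bearer sk-alice-0001"


def demo():
    """Run both lookups against both headers and return the rows each one yields."""
    conn = make_db()
    injected = key_from_authorization(INJECTED_HEADER)
    valid = key_from_authorization(VALID_HEADER)
    return {
        "concat_injected": verify_key_concatenated(conn, injected),
        "param_injected": verify_key_parameterized(conn, injected),
        "concat_valid": verify_key_concatenated(conn, valid),
        "param_valid": verify_key_parameterized(conn, valid),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the crafted header, the concatenating lookup returns every key in the table while the parameterized lookup returns nothing; with a real key both return the single matching row. The fix is the parameter binding, not input filtering: any check that tries to strip quotes from the key still leaves the query text under the caller's control.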

Impact

Exploitation of this vulnerability can give an unauthenticated attacker access to the proxy server's database, allowing them to read, and possibly modify, its contents, including the sensitive credentials the proxy manages, and from there to use the proxy without authorization.

Remediation

The vulnerability is patched in LiteLLM version 1.83.7. Upgrade to that version or later and confirm the installed version with 'pip show litellm'. If an immediate upgrade is not possible, set 'disable_error_logs: true' under 'general_settings' in the proxy configuration as a temporary workaround; this keeps unauthenticated input from reaching the vulnerable database query, but it also disables error logging and does not remove the flawed query itself, so treat it as a stopgap rather than a fix. Because the issue is being actively exploited, operators who ran an affected version should review proxy and database access logs for anomalous Authorization values and rotate proxy keys and stored credentials if compromise is suspected.

Added: May 8, 2026, 4:29 AM
Updated: May 8, 2026, 5:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.4
remediation: 8.3
relevance: 7.8
threat: 9.1
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.