Security Advisory

CVE-2024-6825

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:11:36
Last updated 2025-10-15 12:49:46
Assigner @huntr_ai
State PUBLISHED

Description

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the post_call_rules configuration, where a callback function can be added. The provided value is split at the final '.' character: the last part is taken as the function name, and the remaining part has the .py extension appended and is imported. This allows an attacker to set a system method, such as os.system, as a callback, enabling the execution of arbitrary commands when a chat response is processed.
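The root cause described above is a general pattern: a configuration string is turned into a callable by splitting on its last dot and importing whatever module the prefix names. The following is an added illustration written for this advisory; it is not litellm's code, and the function names, the use of importlib.import_module as a stand-in for "append .py and import", and the sample registry are assumptions. It places the unsafe resolver next to a hardened one that only accepts explicitly registered callbacks or functions defined in an allowlisted module, so that a value such as os.system is rejected before anything is imported or called.

```python
import importlib
import re
from typing import Callable, Dict, Iterable, Optional

# Unsafe pattern (constructed to mirror the advisory's description): the config
# value is split at the last ".", the prefix is imported, and the named attribute
# is returned as the callback. Any importable module is reachable this way.
def resolve_callback_unsafe(value: str) -> Callable:
    module_path, func_name = value.rsplit(".", 1)
    module = importlib.import_module(module_path)  # stand-in for "<prefix>.py" import
    return getattr(module, func_name)


# Hardened resolver. Only dotted identifiers are accepted, the module prefix must
# be on an explicit allowlist, and the resolved attribute must be a callable that
# is actually defined in that module (not something re-exported from elsewhere).
_DOTTED_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)+$")


def resolve_callback_safe(
    value: str,
    allowed_modules: Iterable[str],
    registry: Optional[Dict[str, Callable]] = None,
) -> Callable:
    registry = registry or {}
    # Preferred path: callbacks registered in code under a short name; no import at all.
    if value in registry:
        return registry[value]

    if not _DOTTED_IDENT.fullmatch(value):
        raise ValueError(f"callback {value!r} is not a dotted identifier")

    module_path, func_name = value.rsplit(".", 1)
    if module_path not in set(allowed_modules):
        raise ValueError(f"module {module_path!r} is not an allowed callback module")

    module = importlib.import_module(module_path)
    fn = getattr(module, func_name, None)
    if not callable(fn) or getattr(fn, "__module__", None) != module_path:
        raise ValueError(f"{value!r} is not a function defined in {module_path!r}")
    return fn


# Constructed sample registry: the kind of callback an operator would legitimately register.
def log_response(response: str) -> int:
    """Record the length of a chat response; stands in for a real post-call hook."""
    return len(response)


SAMPLE_REGISTRY: Dict[str, Callable] = {"log_response": log_response}
SAMPLE_ALLOWED_MODULES = {"json"}  # assumption: only this module may supply callbacks


def classify(value: str) -> str:
    """Report whether the hardened resolver accepts or rejects a config value."""
    try:
        resolve_callback_safe(value, SAMPLE_ALLOWED_MODULES, SAMPLE_REGISTRY)
        return "accepted"
    except (ValueError, ImportError):
        return "rejected"


if __name__ == "__main__":
    for candidate in ("log_response", "json.dumps", "os.system", "subprocess.run"):
        print(f"{candidate:16} -> {classify(candidate)}")
```

The registry path is the one to prefer in practice: operators name a hook that was registered in code, and the configuration never carries an import target at all. The allowlisted-module path is kept only for deployments that genuinely need to load hooks by dotted name, and even there the `__module__` check stops a value from naming a builtin or a function merely re-exported from an allowed module.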