2025-03-20 10:11:36
@huntr_ai
PUBLISHED
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue lies in the handling of the post_call_rules configuration, where a callback function can be specified. The provided value is split at the final . character: the last part is treated as the function name, and the remaining part is given a .py extension and imported as a module. This allows an attacker to set a system method, such as os.system, as a callback, enabling the execution of arbitrary commands when a chat response is processed.
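As an added illustration, not litellm's own code, the following Python reproduces the dot-splitting lookup described above beside a hardened resolver and a config audit helper a defender can run over post_call_rules before deployment; the my_rules module and the ALLOWED_RULE_MODULES allowlist are constructed for the example.

```python
import importlib
import sys
import types
from typing import Callable

# Constructed stand-in for an operator-written rules module, registered in
# sys.modules so the example runs offline. It also re-exports os.system to show
# why a module allowlist on its own is not sufficient.
def _install_constructed_rules_module() -> None:
    mod = types.ModuleType("my_rules")
    exec("from os import system\n"
         "def check_response(response):\n"
         "    return 'ok'\n", mod.__dict__)
    sys.modules["my_rules"] = mod

_install_constructed_rules_module()

def resolve_unchecked(rule: str) -> Callable:
    """Naive lookup modelled on the behaviour the advisory describes: split at the
    last '.', import the left part, take the right part as an attribute. Any
    importable module qualifies, so 'os.system' resolves to a shell-spawning callable."""
    module_name, _, func_name = rule.rpartition(".")
    return getattr(importlib.import_module(module_name), func_name)

ALLOWED_RULE_MODULES = {"my_rules"}  # hypothetical exact-match allowlist

def resolve_checked(rule: str) -> Callable:
    """Hardened lookup: exact module allowlist, then require that the callable was
    defined in that module (rejects re-exports such as 'from os import system')."""
    module_name, sep, func_name = rule.rpartition(".")
    if not sep or not module_name or not func_name:
        raise ValueError(f"malformed rule {rule!r}")
    if module_name not in ALLOWED_RULE_MODULES:
        raise ValueError(f"module {module_name!r} is not an allowed rule module")
    func = getattr(importlib.import_module(module_name), func_name, None)
    if not callable(func) or getattr(func, "__module__", None) != module_name:
        raise ValueError(f"{rule!r} is not a function defined in {module_name!r}")
    return func

def audit_post_call_rules(rules: list) -> dict:
    """Return {rule: reason} for every configured entry the hardened resolver
    refuses, so suspicious callbacks surface during config review."""
    rejected = {}
    for rule in rules:
        try:
            resolve_checked(rule)
        except (ValueError, ImportError) as exc:
            rejected[rule] = str(exc)
    return rejected
```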