Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Published

2025-03-20T10:15:45.583

Last Modified

2025-07-15T14:59:06.360

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-400
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	litellm	litellm	< 1.65.4	Yes
Application	litellm	litellm	1.65.4	Yes
Application	litellm	litellm	1.65.4	Yes
Application	litellm	litellm	1.65.4	Yes
Application	litellm	litellm	1.65.4	Yes

References

https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355 Exploit, Third Party Advisory ([email protected])