Invia #811288: litellm <= 1.82.5 Incorrect Authorization (CWE-863)informazioni

Titololitellm <= 1.82.5 Incorrect Authorization (CWE-863)
Descrizione# Technical Details A Security Control Bypass vulnerability exists in the `async_pre_call_hook` methods within `enterprise/enterprise_hooks/banned_keywords.py` and `litellm/proxy/hooks/azure_content_safety.py` of litellm. The application fails to engage content safety guardrails during API invocations generated from standard HTTP completions because the callbacks expect HTTP string states differing from internally formatted async routing definitions. # Vulnerable Code File: `enterprise/enterprise_hooks/banned_keywords.py`, `litellm/proxy/hooks/azure_content_safety.py` Method: `async_pre_call_hook` Why: Normal HTTP completions (`/v1/chat/completions`) trigger the guardrails pipeline providing `call_type = "acompletion"`. The affected hooks attempt to assert `if call_type == "completion"`, meaning the logic condition evaluates consistently to `False`. The hooks immediately exit without triggering any scanning layers. # Reproduction 1. Compile `litellm` integrating the `banned_keywords` security hook parameter array and supply a bad keyword list (`["bannedword"]`). 2. Send a POST request to the completions interface submitting `"bannedword"` in the prompt parameters (`curl -X POST http://localhost:4000/v1/chat/completions -d '{"messages":[{"content":"bannedword test"}]}'`). 3. Note the request proxying completely unobstructed directly back from the backend LLM due to the bypassed hook filtering. # Impact - Enterprise Banned Keyword rules and Content Filtering routines via Azure are rendered totally inert and easily evaded, destroying the baseline security posture of proxied model communications.
Fonte⚠️ https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a
Utente
 Eric-c (UID 96848)
Sottomissione23/04/2026 10:08 (2 mesi fa)
Moderazione20/06/2026 19:12 (2 months later)
StatoAccettato
Voce VulDB372559 [BerriAI litellm fino a 1.82.5 Completions Interface banned_keywords.py async_pre_call_hook prompt escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!