FixVibe
Covered by FixVibe | critical

LiteLLM SQL Injection in Proxy API Key Verification (CVE-2026-42208)

LiteLLM versions 1.81.16 through 1.83.6 contain a critical SQL injection vulnerability in the API key verification logic. The flaw lets unauthenticated attackers bypass authentication controls or access the underlying database. The issue was fixed in version 1.83.7.

CVE-2026-42208 | GHSA-r75f-5x8p-qvmc | CWE-89

Impact

LiteLLM contains a critical SQL injection vulnerability in its API key verification process [S1]. The flaw lets unauthenticated attackers bypass security checks and potentially access or extract data from the underlying database [S1][S3].

Root cause

The issue is classified as CWE-89 (SQL Injection) [S1]. It resides in the API key verification logic of the LiteLLM Proxy component [S2]. The vulnerability stems from insufficient sanitization of input used in database queries [S1].

Affected versions

LiteLLM versions 1.81.16 through 1.83.6 are affected by this vulnerability [S1].

Concrete fix

Upgrade LiteLLM to version 1.83.7 or later to mitigate this vulnerability [S1].

How FixVibe tests for it

FixVibe includes this in its GitHub repo scans. The check reads only dependency files in the authorized repository, including requirements.txt, pyproject.toml, poetry.lock, and Pipfile.lock. It flags LiteLLM pins or version constraints that fall within the affected range >=1.81.16 <1.83.7, then reports the dependency file, line number, advisory ID, affected range, and fixed version.

This is a read-only repo check. It does not execute customer code and does not send exploit payloads.
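
A version-range check of the kind described above, as an added example (not FixVibe's own code). It assumes exact `==` pins in requirements.txt-style files and `name`/`version` pairs in poetry.lock, compares numeric release segments only, and uses hypothetical function names and constructed sample inputs.

```python
import re

ADVISORY = "CVE-2026-42208"
AFFECTED_MIN, FIXED = (1, 81, 16), (1, 83, 7)  # affected: >=1.81.16 <1.83.7

# requirements.txt style exact pin: litellm==1.82.0 or litellm[proxy]==1.82.0
REQ_PIN = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.I)
# poetry.lock style: name = "litellm" followed later by version = "1.82.0"
LOCK_NAME = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
LOCK_VER = re.compile(r'^\s*version\s*=\s*"(\d+(?:\.\d+)*)')

# Constructed sample inputs (not taken from any real repository).
SAMPLE_REQ = "requests==2.32.0\nlitellm[proxy]==1.82.3\nlitellm-proxy-extras==0.1.0\n"
SAMPLE_LOCK = '[[package]]\nname = "litellm"\nversion = "1.83.7"\n'


def parse_version(text):
    # Keep the first three numeric segments, padding short versions with zeros.
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) < FIXED


def scan(filename, content):
    """Return findings for exact LiteLLM pins inside the affected range."""
    findings, in_litellm = [], False
    for lineno, line in enumerate(content.splitlines(), start=1):
        version = None
        if filename.endswith(".lock"):
            name = LOCK_NAME.match(line)
            if name:  # a new package entry starts; remember whether it is litellm
                in_litellm = name.group(1).lower() == "litellm"
            ver = LOCK_VER.match(line)
            if ver and in_litellm:
                version, in_litellm = ver.group(1), False
        else:
            pin = REQ_PIN.match(line)
            version = pin.group(1) if pin else None
        if version and is_affected(version):
            findings.append({"file": filename, "line": lineno, "version": version,
                             "advisory": ADVISORY, "affected": ">=1.81.16 <1.83.7",
                             "fixed": "1.83.7"})
    return findings
```

Range constraints such as `>=1.80` and the JSON layout of Pipfile.lock are outside this example and need a full specifier parser.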