Impact
LiteLLM contains a critical SQL injection vulnerability in the Proxy API key verification process [S1]. The flaw allows unauthenticated attackers to bypass security checks and potentially access or exfiltrate data from the underlying database [S1][S3].
Root cause
The issue is classified as CWE-89 (SQL Injection) [S1]. It is located in the key verification API of the LiteLLM Proxy component [S2]. The vulnerability stems from insufficient sanitization of input used in database queries [S1].
Affected Versions
LiteLLM versions 1.81.16 through 1.83.6 are affected by this vulnerability [S1].
Concrete fix
Update LiteLLM to version 1.83.7 or later to mitigate this vulnerability [S1].
How FixVibe checks for it
FixVibe now includes this in GitHub repo scans. The check reads only dependency files in authorized repositories, including requirements.txt, pyproject.toml, poetry.lock, and Pipfile.lock. It flags LiteLLM pins or version constraints that match the affected range >=1.81.16 <1.83.7, then reports the dependency file, line number, advisory IDs, affected range, and fixed version.
This is a static, read-only repo check. It does not execute customer code and does not send exploit payloads.
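A minimal version of such a static check for a requirements.txt file, added here as an illustration; it is not FixVibe's code. It assumes plain `==`, `>=`, `>`, `<=`, `<` specifiers with numeric versions, and the sample file contents (including the plugin package name) are constructed.

```python
import re

AFFECTED_LOW = (1, 81, 16)  # first affected version, per the advisory
FIXED = (1, 83, 7)          # first fixed version, per the advisory

# "litellm" or "litellm[extra]", but not other packages such as "litellm-foo".
REQ_RE = re.compile(r"^\s*litellm(?![\w.-])(?:\[[^\]]*\])?\s*([^;#]*)", re.I)
SPEC_RE = re.compile(r"(==|>=|<=|>|<)\s*(\d+(?:\.\d+)*)")

def parse_version(text):
    """Turn '1.83.6' into (1, 83, 6), padding to three components."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def admits_affected(specs):
    """True if the specifiers allow any version in [AFFECTED_LOW, FIXED)."""
    low, low_incl = AFFECTED_LOW, True
    high, high_incl = FIXED, False
    for op, ver in specs:
        v = parse_version(ver)
        if op == "==":  # exact pin: simple membership test
            return AFFECTED_LOW <= v < FIXED
        if op in (">=", ">") and (v > low or (v == low and op == ">")):
            low, low_incl = v, op == ">="
        if op in ("<=", "<") and (v < high or (v == high and op == "<")):
            high, high_incl = v, op == "<="
    # The narrowed interval is non-empty only if the bounds still overlap.
    return low < high or (low == high and low_incl and high_incl)

def scan_requirements(text):
    """Return (line_number, requirement) for each line admitting an affected version."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = REQ_RE.match(line)
        if not match:
            continue
        specs = SPEC_RE.findall(match.group(1))
        if specs and admits_affected(specs):
            findings.append((number, line.strip()))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = """# constructed sample requirements.txt
fastapi==0.110.0
litellm==1.81.15
litellm[proxy]==1.83.6
litellm>=1.80.0,<1.82.0
litellm>=1.83.7
litellm-hypothetical-plugin==1.82.0
"""

if __name__ == "__main__":
    for number, requirement in scan_requirements(SAMPLE):
        print(f"requirements.txt:{number}: {requirement} allows >=1.81.16 <1.83.7; fixed in 1.83.7")
```

Unpinned `litellm` lines and operators such as `~=` are skipped by this sketch; lock files pin exact versions and would need their own parsers.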
