Miggo Logo
Miggo Vulnerability Database
CVE-2024-9606

CVE-2024-9606: LiteLLM Reveals Portion of API Key via a Logging File

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2024-9606
GHSA ID
GHSA-g5pg-73fc-hjwq
EPSS Score
0.13178%
CWE
CWE-117
Published
3/20/2025
Updated
3/20/2025
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
litellmpip

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems directly from the pre_call function's masking implementation shown in the diff. The original code used api_base[key_index + 5:] which keeps the remainder of the key after masking 5 characters, while the patched version uses api_base[-4:] to only leave the last 4 characters unmasked. This function is explicitly called to log API call details, and the CWE-117 classification confirms this is a logging output sanitization issue. Other changed files relate to test cases and API integrations, but the core vulnerability resides in the logging function's masking logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In **rri*i/lit*llm ***or* v*rsion *.**.**, t** `lit*llm/lit*llm_*or*_utils/lit*llm_lo**in*.py` *il* *ont*ins * vuln*r**ility w**r* t** *PI k*y m*skin* *o** only m*sks t** *irst * ***r**t*rs o* t** k*y. T*is r*sults in t** l**k*** o* *lmost t** *ntir*

Reasoning

T** vuln*r**ility st*ms *ir**tly *rom t** pr*_**ll *un*tion's m*skin* impl*m*nt*tion s*own in t** *i**. T** ori*in*l *o** us** *pi_**s*[k*y_in**x + *:] w*i** k**ps t** r*m*in**r o* t** k*y **t*r m*skin* * ***r**t*rs, w*il* t** p*t**** v*rsion us*s *p