PyPi: Litellm

CVE-2024-22020

Transitive

Safety vulnerability ID: 74713

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 09, 2024 Updated at Feb 21, 2025

Advisory

LiteLLM has addressed the security vulnerability CVE-2024-22020 by updating the Node.js Docker image from version 20.11.0 to 20.18.1.

Affected package

litellm

Latest version: 1.61.13

Library to easily interface with LLM API providers

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* fix(proxy_server.py): pass model access groups to get_key/get_team mo… by krrishdholakia in https://github.com/BerriAI/litellm/pull/7281
* Litellm security fixes by krrishdholakia in https://github.com/BerriAI/litellm/pull/7282
* Added sambanova cloud models by rodrigo-92 in https://github.com/BerriAI/litellm/pull/7187
* Re-add prompt caching based model filtering (route to previous model) by krrishdholakia in https://github.com/BerriAI/litellm/pull/7299
* (Fix) deprecated Pydantic Config class with model_config BerriAI/li… by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7300
* (feat - proxy) Add `status_code` to `litellm_proxy_total_requests_metric_total` by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7293
* fix(hosted_vllm/transformation.py): return fake api key, if none give… by krrishdholakia in https://github.com/BerriAI/litellm/pull/7301
* LiteLLM Minor Fixes & Improvements (2024/12/18) p1 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7295
* (feat proxy) v2 - model max budgets by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7302
* (proxy admin ui) - show Teams sorted by `Team Alias` by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7296
* (Refactor) use separate file for track_cost_callback by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7304
* o1 - add image param handling by krrishdholakia in https://github.com/BerriAI/litellm/pull/7312
* (code quality) run ruff rule to ban unused imports by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7313
* [Bug Fix]: ImportError: cannot import name 'T' from 're' by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7314
* (code refactor) - Add `BaseRerankConfig`. Use `BaseRerankConfig` for `cohere/rerank` and `azure_ai/rerank` by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7319
* (feat) add infinity rerank models by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7321
* Litellm dev 12 19 2024 p2 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7315
* Langfuse Prompt Management Support by krrishdholakia in https://github.com/BerriAI/litellm/pull/7322
* Fix LiteLLM Fireworks AI Documentation by jravi-fireworks in https://github.com/BerriAI/litellm/pull/7333

New Contributors
* rodrigo-92 made their first contribution in https://github.com/BerriAI/litellm/pull/7187
* jravi-fireworks made their first contribution in https://github.com/BerriAI/litellm/pull/7333

**Full Changelog**: https://github.com/BerriAI/litellm/compare/v1.55.4...v1.55.8



Docker Run LiteLLM Proxy


```
docker run \
  -e STORE_MODEL_IN_DB=True \
  -p 4000:4000 \
  ghcr.io/berriai/litellm:main-v1.55.8
```



Don't want to maintain your internal proxy? get in touch 🎉
Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

| Name | Status | Median Response Time (ms) | Average Response Time (ms) | Requests/s | Failures/s | Request Count | Failure Count | Min Response Time (ms) | Max Response Time (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| /chat/completions | Passed ✅ | 220.0 | 237.6551034099362 | 6.125601230624555 | 0.0 | 1832 | 0 | 193.92061900009594 | 1182.1513959999947 |
| Aggregated | Passed ✅ | 220.0 | 237.6551034099362 | 6.125601230624555 | 0.0 | 1832 | 0 | 193.92061900009594 | 1182.1513959999947 |
