LiteLLM, an open-source proxy server for language model APIs, had two vulnerabilities allowing remote code execution via a standard API key. These exploits stemmed from environment variable disclosure and a Jinja2 server-side template injection. Both vulnerabilities were addressed in the v1.84.0-rc.1 patch, implementing multiple security measures.