Skip to main content

Litellm CVE-2024-4889

HIGH
Code Injection (CWE-94)
2024-06-06 security@huntr.dev
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 06, 2024 - 18:15 nvd
HIGH 7.2

DescriptionNVD

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the UI_LOGO_PATH variable to a remote server address in the get_image function, an attacker can write a malicious Google KMS configuration file to the cached_logo.jpg file. This file can then be used to execute arbitrary code by assigning malicious code to the SAVE_CONFIG_TO_DB environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.

AnalysisAI

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the UI_LOGO_PATH variable to a remote server address in the get_image function, an attacker can write a malicious Google KMS configuration file to the cached_logo.jpg file. This file can then be used to execute arbitrary code by assigning malicious code to the SAVE_CONFIG_TO_DB environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature. Affected products include: Litellm. Version information: version 1.34.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2026-42208 CRITICAL POC
9.3 May 08

SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read an

CVE-2026-42271 HIGH POC
8.7 May 08

Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute

CVE-2024-2952 CRITICAL POC
9.8 Apr 10

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical s

CVE-2026-40217 HIGH POC
8.8 Apr 10

Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute ar

CVE-2024-4888 HIGH POC
8.1 Jun 06

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

CVE-2025-0330 HIGH POC
7.5 Mar 20

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc

CVE-2024-9606 HIGH POC
7.5 Mar 20

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi

CVE-2024-6587 HIGH POC
7.5 Sep 13

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS

CVE-2024-5225 HIGH POC
7.2 Jun 06

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` en

CVE-2024-5710 MEDIUM POC
6.5 Jun 27

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. Rated med

CVE-2024-5751 CRITICAL
9.8 Jun 27

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated crit

CVE-2026-12795 MEDIUM POC
5.5 Jun 21

Missing authentication in LiteLLM's SSO Debug Flow exposes the `json.dumps` output of the `ui_sso.py` management endpoin

Share

CVE-2024-4889 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy