CVE-2024-4889 - Vulnerability Details - OpenCVE

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Litellm	Litellm

Configuration 1 [-]

cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0067}`	epss `{'score': 0.00123}`

Tue, 15 Oct 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Litellm Litellm litellm
CPEs		cpe:2.3:a:litellm:litellm::::::::
Vendors & Products		Litellm Litellm litellm
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T17:53:35.202Z

Updated: 2024-08-01T20:55:10.313Z

Reserved: 2024-05-14T22:33:16.479Z

Link: CVE-2024-4889

Vulnrichment

Updated: 2024-08-01T20:55:10.313Z

NVD

Status : Modified

Published: 2024-06-06T18:15:18.577

Modified: 2024-11-21T09:43:47.970

Link: CVE-2024-4889

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4889", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-05-14T22:33:16.479Z", "datePublished": "2024-06-06T17:53:35.202Z", "dateUpdated": "2024-08-01T20:55:10.313Z"}, "containers": {"cna": {"title": "Code Injection in berriai/litellm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T17:53:35.202Z"}, "descriptions": [{"lang": "en", "value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "be3fda72-a65b-4993-9a0e-7e0f05db51f8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "berriai", "product": "litellm", "cpes": ["cpe:2.3:a:berriai:litellm:1.34.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.34.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T20:34:08.026659Z", "id": "CVE-2024-4889", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T20:34:14.108Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.313Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.313Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4889", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-12T20:34:08.026659Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:berriai:litellm:1.34.6:*:*:*:*:*:*:*"], "vendor": "berriai", "product": "litellm", "versions": [{"status": "affected", "version": "1.34.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:22:22.047Z"}}], "cna": {"title": "Code Injection in berriai/litellm", "source": {"advisory": "be3fda72-a65b-4993-9a0e-7e0f05db51f8", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8"}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T17:53:35.202Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4889", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.313Z", "dateReserved": "2024-05-14T22:33:16.479Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T17:53:35.202Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*", "matchCriteriaId": "C90542D4-7994-47FF-8394-D537FCF72331", "versionEndExcluding": "1.44.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la aplicaci\u00f3n berriai/litellm, versi\u00f3n 1.34.6, debido al uso de entradas no validadas en la funci\u00f3n de evaluaci\u00f3n dentro del sistema de gesti\u00f3n de secretos. Esta vulnerabilidad requiere un archivo de configuraci\u00f3n de Google KMS v\u00e1lido para ser explotable. Espec\u00edficamente, al configurar la variable `UI_LOGO_PATH` en una direcci\u00f3n de servidor remoto en la funci\u00f3n `get_image`, un atacante puede escribir un archivo de configuraci\u00f3n malicioso de Google KMS en el archivo `cached_logo.jpg`. Este archivo luego se puede usar para ejecutar c\u00f3digo arbitrario asignando c\u00f3digo malicioso a la variable de entorno `SAVE_CONFIG_TO_DB`, lo que lleva al control total del sistema. La vulnerabilidad depende del uso de la funci\u00f3n Google KMS."}], "id": "CVE-2024-4889", "lastModified": "2024-11-21T09:43:47.970", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T18:15:18.577", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Secondary"}]}