CVE-2024-5751

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Jun 27, 2024 / Updated: 4mo ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

A vulnerability in BerriAI/litellm version v1.35.8 allows an attacker to achieve remote code execution. The vulnerability is present in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This vulnerability requires the server to use Google KMS and a database to store a model.

Impact

The impact of this vulnerability is severe. An attacker can execute arbitrary code remotely on the affected server, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, modification or deletion of critical information, and potential use of the compromised server as a stepping stone for further attacks within the network. The CVSS v3 base score of 9.8 (Critical) indicates high impacts on confidentiality, integrity, and availability of the system.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been addressed, as indicated by the "patched" status in the vulnerability data. The patch details show that a GitHub Advisory (GHSA-gppg-gqw8-wh9g) was published on 2024-06-27, which likely contains information about the fix and the updated versions of the software.

Mitigation

1. Immediately update BerriAI/litellm to a version newer than v1.35.8.
2. If immediate updating is not possible, consider temporarily disabling or restricting access to the `/config/update` endpoint.
3. Implement strict input validation and sanitization for any data processed by the `add_deployment` function.
4. Review and restrict permissions related to Google KMS and the database used for storing models.
5. Implement network segmentation to limit potential lateral movement in case of a successful exploit.
6. Monitor for any suspicious activities, especially those related to the `/config/update` endpoint and environment variable changes.
7. Conduct a thorough security audit of the system to identify any potential compromises that may have occurred before patching.
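As an added illustration (not litellm's code; the helper names, the sample secrets and the loader logic are hypothetical), the following contrasts the eval-based coercion the advisory names with a literal-only parser, and shows a validating loader for a base64 environment blob of the kind `add_deployment` consumes, as mitigation step 3 calls for:

```python
import ast
import base64
import json
import re

# Constructed sample secrets; KMS decryption is omitted from this illustration.
SAMPLE_SECRETS = {
    "OPENAI_API_KEY": "sk-constructed-example",
    "MAX_TOKENS": "256",
    "ALLOWED_MODELS": "['gpt-4', 'gpt-3.5']",
}
ENV_KEY_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")


def encode_blob(secrets: dict) -> str:
    """Build the base64-encoded JSON body an update request would carry."""
    return base64.b64encode(json.dumps(secrets).encode()).decode()


def load_env_from_b64(blob: str, env: dict) -> list:
    """Hypothetical add_deployment-style loader with validation: decode the
    blob, accept only well-formed variable names with string values, write
    them into `env` (os.environ in a real service) and return rejected keys."""
    data = json.loads(base64.b64decode(blob).decode())
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object of environment variables")
    rejected = []
    for key, value in data.items():
        if not ENV_KEY_RE.match(key) or not isinstance(value, str):
            rejected.append(key)
            continue
        env[key] = value
    return rejected


def unsafe_parse_secret(raw: str):
    """The pattern the advisory names: eval() on a stored secret executes any
    valid Python it contains. Used here only on harmless arithmetic."""
    try:
        return eval(raw)  # intentionally unsafe, shown for contrast only
    except Exception:
        return raw


def safe_parse_secret(raw: str):
    """Hardened get_secret-style coercion: ast.literal_eval accepts only
    literals (numbers, strings, lists, dicts) and never runs calls, so
    anything that is not a plain literal comes back as the original string."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError):
        return raw
```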

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-5751

Jun 27, 2024 at 7:15 PM
First Article

Feedly found the first article mentioning CVE-2024-5751.

Jun 27, 2024 at 7:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 27, 2024 at 7:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jun 28, 2024 at 9:56 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Jun 28, 2024 at 9:11 PM / github_advisories

Affected Systems

Litellm/litellm

Patches

Github Advisory

Attack Patterns

CAPEC-242: Code Injection

Vendor Advisory

[GHSA-gppg-gqw8-wh9g] litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. An attacker can exploit this by sending a malicious payload to the /config/update endpoint, which is then processed and executed by the server when the get_secret function is triggered.

News

CVE-2024-5751 - BerriAI/litellm version v1.35.8 contains a vulnera
CVE ID: CVE-2024-5751. Published: June 27, 2024, 7:15 p.m. Description: BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model. Severity:
NA - CVE-2024-5751 - BerriAI/litellm version v1.35.8 contains a...
An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. CVSS 2.0 vector and scores: N/A.
CVE-2024-5751 | berriai litellm up to 1.35.8 Environment Variable add_deployment code injection
A vulnerability was found in berriai litellm up to 1.35.8. It has been declared as very critical. This vulnerability affects the function add_deployment of the component Environment Variable Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-5751. The attack can be initiated remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
