Description

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.

INFO

Published Date: 2024-06-27T18:40:49.896Z

Last Modified: 2025-10-15T12:50:28.520Z

Source: @huntr_ai

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-5751 vulnerability.

Vendor: Litellm
Products: Litellm