3 matches found
CVE-2024-4264
A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
aiconsole (>=0.2.0 <=0.2.13), aiflows (>=0.1.5 <=1.1.1) +39 more potentially affected by CVE-2024-4264 via litellm (>=0.1.400 <=1.27.8)
litellm PYPI version =0.1.400, =0.2.0, =0.1.5, =0.1.0, =0.0.1, =0.114.0, =0.0.1, =0.6.3, =0.6.0, =0.2.0, =0.2.4, =0.1.11, =0.0.1, =0.0.25 and more Source cves: CVE-2024-4264 Source advisory: OSV:GHSA-7GGM-4RJG-594W...
CVE-2024-4264
The CVE-2024-4264 entry affects berriai/litellm. The vulnerability is caused by unsafe use of eval in litellm.get_secret() when the server uses Google KMS, allowing untrusted data to be evaluated. Attackers can inject malicious values into environment variables via the /config/update endpoint, en...