2 matches found
CVE-2024-4889
CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...
CVE-2024-4889 Code Injection in berriai/litellm
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...