CVE-2024-5751 is a critical Remote Code Execution (RCE) vulnerability discovered in BerriAI/litellm versions up to 1.9.dev0. This flaw allows attackers to execute arbitrary code on the server by manipulating environment variables. The vulnerability stems from insecure handling of base64 encoded data within the /config/update endpoint, requiring the server to utilize Google KMS and a database for model storage. A fix is available in version 1.40.16.
The impact of CVE-2024-5751 is severe. A successful exploit grants an attacker complete control over the affected litellm server. This can lead to data breaches, system compromise, and lateral movement within the network. The attacker can read, modify, or delete sensitive data, install malware, or use the server as a launchpad for further attacks. Because Google KMS and database-backed model storage are preconditions, deployments that use both components are the ones exposed. The ability to inject arbitrary code directly into the server's environment represents a significant security risk, potentially allowing for persistent access and control.
CVE-2024-5751 was publicly disclosed on 2024-06-27. The vulnerability's ease of exploitation, combined with the critical CVSS score, suggests a potential for active exploitation. While no public proof-of-concept (PoC) has been widely reported, the availability of the vulnerability details increases the likelihood of exploitation attempts. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit status: EPSS 5.36% (90th percentile).
The primary mitigation for CVE-2024-5751 is to immediately upgrade to litellm version 1.40.16 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /config/update endpoint to trusted sources only, using firewall rules or network segmentation. Carefully validate and sanitize any data received through this endpoint. Monitor server logs for suspicious activity, particularly attempts to access or modify environment variables. Consider implementing a Web Application Firewall (WAF) to filter malicious requests targeting the /config/update endpoint. After upgrading, confirm the fix by attempting to send a crafted payload to the /config/update endpoint and verifying that it is rejected.
Update the litellm library to the latest available version. This will fix the remote code execution vulnerability. Ensure you validate and sanitize any user-provided input, especially when configuring environment variables.
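One way to implement the log-monitoring step above, as an added example that is not code from the litellm project: it scans access-log lines for requests to /config/update from clients outside an assumed trusted network, so that administrative traffic to the endpoint from unexpected sources is surfaced for triage. The sample log lines and the trusted network range are constructed for the example.

```python
import ipaddress
import re

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Jun/2024:10:01:02 +0000] "POST /config/update HTTP/1.1" 200 51 "-" "curl/8.4.0"
203.0.113.7 - - [27/Jun/2024:10:02:11 +0000] "POST /config/update HTTP/1.1" 200 51 "-" "python-requests/2.31"
10.0.0.9 - - [27/Jun/2024:10:03:45 +0000] "POST /chat/completions HTTP/1.1" 200 812 "-" "python-requests/2.31"
198.51.100.2 - - [27/Jun/2024:10:04:00 +0000] "GET /config/update?x=1 HTTP/1.1" 405 0 "-" "Mozilla/5.0"
"""

# Administrative calls to the config endpoint are expected only from these networks.
# Assumed value for the example; adjust to the deployment being monitored.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_PATHS = ("/config/update",)

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def is_trusted(ip: str) -> bool:
    """True if the client address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_untrusted_config_updates(log_text: str) -> list:
    """Return one finding per request to a sensitive path from an untrusted client.

    Rejected requests (non-2xx) are reported too, since a blocked attempt is still
    worth knowing about; 'succeeded' lets triage prioritise the ones that got through.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore query string when matching
        if path not in SENSITIVE_PATHS or is_trusted(m.group("ip")):
            continue
        status = int(m.group("status"))
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "method": m.group("method"),
            "path": path,
            "status": status,
            "succeeded": 200 <= status < 300,
        })
    return findings


if __name__ == "__main__":
    for f in find_untrusted_config_updates(SAMPLE_LOG):
        print(f)
```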
CVE-2024-5751 is a critical Remote Code Execution vulnerability in litellm versions up to 1.9.dev0, allowing attackers to execute code via the /config/update endpoint.
You are affected if you are using litellm versions 1.9.dev0 or earlier, and your server utilizes Google KMS and a database for model storage.
Upgrade to litellm version 1.40.16 or later. As a temporary workaround, restrict access to the /config/update endpoint and validate incoming data.
While no widespread exploitation has been confirmed, the vulnerability's severity and public disclosure increase the risk of exploitation attempts.
Refer to the BerriAI/litellm GitHub repository and related security advisories for the latest information: [https://github.com/litellm/litellm](https://github.com/litellm/litellm)