Platform
python
Component
berriai/litellm
A critical Remote Code Execution (RCE) vulnerability has been identified in the berriai/litellm Python library, affecting versions up to the latest release. This vulnerability stems from the unsafe use of the eval function within the litellm.get_secret() method when interacting with Google KMS. Attackers can leverage this flaw to execute arbitrary code on the server, potentially leading to complete system compromise.
The impact of CVE-2024-4264 is severe. An attacker can exploit this vulnerability by injecting malicious values into environment variables, specifically targeting the /config/update endpoint to modify settings in proxyserverconfig.yaml. Successful exploitation allows for arbitrary code execution on the server hosting the litellm instance. This could lead to data exfiltration, system takeover, and potentially lateral movement within the network if the server has access to sensitive resources. The ability to modify KMS configurations further amplifies the risk, as attackers could compromise encryption keys and decrypt sensitive data.
This vulnerability is considered high probability due to the ease of exploitation and the critical nature of RCE. Public proof-of-concept (PoC) code is likely to emerge quickly, increasing the risk of widespread exploitation. The vulnerability was publicly disclosed on 2024-05-18. It is not currently listed on CISA KEV, but its severity warrants close monitoring. Active exploitation campaigns are possible given the ease of exploitation and the potential impact.
Organizations using litellm for LLM orchestration, particularly those leveraging Google KMS for secret management, are at significant risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as an attacker could potentially exploit the vulnerability through another user's access to the /config/update endpoint.
• python / server:
    import os
    import re

    # Check for suspicious environment variables
    env_vars = os.environ
    for var, value in env_vars.items():
        if re.search(r'(eval|exec|system|subprocess)', value, re.IGNORECASE):
            print(f"Suspicious environment variable detected: {var}={value}")
• linux / server:
    journalctl -u litellm -f | grep -i "eval"
• generic web:
    curl -I 'http://your-litellm-server/config/update' # Check for unusual headers or request parameters
disclosure
Exploit status
EPSS
3.28% (87th percentile)
CVSS vector
The primary mitigation for CVE-2024-4264 is to upgrade to a patched version of litellm as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. Restrict access to the /config/update endpoint to trusted users only. Implement strict input validation and sanitization on all data received through this endpoint. Consider using a Web Application Firewall (WAF) to filter out potentially malicious requests containing suspicious code. Monitor system logs for unusual activity related to the /config/update endpoint and KMS interactions.
Update the litellm library to the latest available version. This will fix the remote code execution vulnerability. Also make sure to update any configuration related to Google KMS to avoid future vulnerabilities.
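Added example, not litellm's code: one way to apply the input-validation advice above is to treat every value submitted for a KMS-backed setting as base64 data and refuse anything else, so no configured string is ever evaluated. It assumes KMS-encrypted settings are stored as base64 ciphertext; the function names, the length limit and the sample values are hypothetical.

```python
import base64
import binascii
import re

# Hypothetical helper names; this is not litellm's get_secret() or its schema.
ENV_NAME_RE = re.compile(r"[A-Z][A-Z0-9_]{0,63}")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MAX_B64_LEN = 4096  # assumed upper bound for one KMS-wrapped secret


class InvalidSecretValue(ValueError):
    """A configured value is not plain base64 ciphertext."""


def decode_kms_ciphertext(name: str, raw: object) -> bytes:
    """Turn a configured string into ciphertext bytes without evaluating it."""
    # The unsafe pattern is eval(raw): it runs whatever expression the string
    # holds. Here the string is only ever parsed as base64 data.
    if not ENV_NAME_RE.fullmatch(name):
        raise InvalidSecretValue(f"bad variable name: {name!r}")
    if not isinstance(raw, str) or not raw or len(raw) > MAX_B64_LEN:
        raise InvalidSecretValue(f"{name}: empty, non-string or oversized value")
    if len(raw) % 4 != 0 or not B64_RE.fullmatch(raw):
        raise InvalidSecretValue(f"{name}: value is not well-formed base64")
    try:
        return base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        raise InvalidSecretValue(f"{name}: {exc}") from None


def screen_env_update(updates: dict) -> tuple:
    """Split a proposed name -> value update into (accepted, rejected)."""
    accepted, rejected = {}, {}
    for name, raw in updates.items():
        try:
            accepted[name] = decode_kms_ciphertext(name, raw)
        except InvalidSecretValue as exc:
            rejected[name] = str(exc)  # reason only, never the raw value
    return accepted, rejected


# Constructed sample update: one well-formed value, two that must be refused.
SAMPLE_UPDATE = {
    "OPENAI_API_KEY": base64.b64encode(b"\x0a\x24constructed-ciphertext").decode(),
    "AZURE_API_KEY": "len('not ciphertext')",
    "bad-name": "QUJD",
}
```

Rejections are worth logging alongside the caller's identity, since a refused update to this endpoint is a useful detection signal.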
CVE-2024-4264 is a critical RCE vulnerability in the litellm Python library, allowing attackers to execute arbitrary code via the /config/update endpoint and KMS configurations.
You are affected if you are using litellm versions less than or equal to the latest release and expose the /config/update endpoint.
Upgrade to the patched version of litellm as soon as it's available. Until then, restrict access to the /config/update endpoint and implement input validation.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest active exploitation is possible.
Refer to the litellm GitHub repository and their official communication channels for updates and advisories regarding CVE-2024-4264.