CVE-2024-4889 in litellm
Summary
by MITRE • 06/06/2024
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.
Analysis
by VulDB Data Team • 10/16/2024
The vulnerability identified as CVE-2024-4889 represents a critical code injection flaw within the berriai/litellm application version 1.34.6, demonstrating a dangerous misuse of dynamic code execution mechanisms. This vulnerability stems from the application's reliance on the eval function with unvalidated input, creating an attack surface that can be exploited to achieve arbitrary code execution. The flaw specifically manifests within the secret management system where user-controllable inputs are directly passed to the eval function without proper sanitization or validation, making it a prime example of CWE-94, which describes the weakness of allowing arbitrary code execution through the use of eval or similar functions.
The exploitation chain requires a specific prerequisite involving the Google KMS configuration file, which serves as both the attack vector and the execution mechanism. Attackers must first manipulate the `UI_LOGO_PATH` variable within the `get_image` function to point to a remote server address, enabling the download of a malicious Google KMS configuration file. This configuration file is then written to the `cached_logo.jpg` file location, effectively creating a persistence mechanism. The vulnerability's conditional nature means that exploitation is only possible when the Google KMS feature is actively configured and in use, making it a targeted attack vector rather than a universal exploit. The attack leverages the application's legitimate use of Google KMS for secret management, turning this security feature into an attack surface through the malicious configuration file.
The operational impact of this vulnerability extends far beyond simple code injection, as it provides attackers with complete system control when successfully exploited. The assignment of malicious code to the `SAVE_CONFIG_TO_DB` environment variable creates a full compromise scenario where attackers can execute arbitrary commands with the privileges of the application process. This level of control can lead to data exfiltration, system reconnaissance, lateral movement within network environments, and potential establishment of persistent backdoors. The vulnerability aligns with ATT&CK technique T1059.001, which covers the use of command and scripting interpreters, and T1566.001, which addresses the use of spearphishing attachments, as the malicious configuration file serves as the initial compromise vector.
The security implications of this vulnerability are particularly concerning due to the application's likely deployment in production environments where it would have access to sensitive data and system resources. The requirement for a valid Google KMS configuration file means that attackers must have some level of access to the target system to initiate the attack, but once initiated, the exploitation can lead to complete system compromise. Organizations using berriai/litellm version 1.34.6 should immediately implement mitigations including input validation for all user-controllable parameters, removal or restriction of eval function usage, and proper environment variable sanitization. The vulnerability demonstrates the critical importance of validating all inputs and avoiding dynamic code execution in security-sensitive applications, as outlined in OWASP Top 10 2021 category A03: Injection, which specifically addresses the dangers of unvalidated inputs leading to code injection vulnerabilities.
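The two mitigations named above, removing `eval` from setting parsing and validating what gets written to the logo cache, are sketched below as an added example; it is not litellm's code. The function names, the accepted boolean spellings and the JPEG/PNG-only rule are assumptions made for illustration.

```python
"""Hypothetical sketch: eval-based flag parsing next to a strict parser,
plus a content check before caching a fetched logo. Not litellm's code."""

TRUE_VALUES = {"true", "1", "yes", "on"}      # assumed accepted spellings
FALSE_VALUES = {"false", "0", "no", "off"}

# Leading bytes of JPEG and PNG files.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")


def parse_flag_unsafe(raw: str):
    """Weak pattern: the setting's text is executed as a Python expression."""
    return eval(raw)  # whoever controls `raw` controls what runs here


def parse_flag_strict(raw: str) -> bool:
    """Hardened pattern: compare against an allowlist, never evaluate."""
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise ValueError(f"not a boolean setting: {raw!r}")


def is_image_bytes(data: bytes) -> bool:
    """Accept fetched logo content only if it starts like a JPEG or PNG."""
    return data.startswith(IMAGE_MAGIC)


def cacheable_logo(data: bytes) -> bytes:
    """Gate to call before writing fetched bytes to the logo cache file."""
    if not is_image_bytes(data):
        raise ValueError("fetched logo is not a JPEG/PNG; refusing to cache")
    return data


if __name__ == "__main__":
    # Constructed inputs: a harmless expression and a JSON-looking body.
    expr = "len('abc') == 3"
    print("eval-based parser ran the expression:", parse_flag_unsafe(expr))
    for raw in ("True", "false", expr):
        try:
            print(repr(raw), "->", parse_flag_strict(raw))
        except ValueError as exc:
            print("rejected:", exc)
    print("JSON body cacheable as logo:", is_image_bytes(b'{"type": "x"}'))
```

The strict parser rejects anything that is not a literal boolean spelling, so a value arriving through a tampered secret source fails closed instead of being executed.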