{"id":"CVE-2024-4889","details":"A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.","modified":"2026-04-10T05:57:50.234848Z","published":"2024-06-06T18:15:18.577Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/berriai/litellm","events":[{"introduced":"0"},{"fixed":"be3c7b401ef69297247fa56aa8ff07549e3451b2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.44.16"}]}}],"versions":["1.16.12","1.16.13","1.16.14","1.34.2","1.34.20-stable","1.34.28.dev3","1.34.35-stable","1.34.39.dev1","1.35.1.dev1","1.35.13.dev1","1.35.24.dev6","1.35.33.dev4","1.35.36.dev1","1.35.5.dev2","1.40.8.dev1","1.41.11.dev5","1.41.12.dev1","1.41.14.dev15","1.44.6","latest","pr-litellm-spend-logs-db","stable","test","v.1.32.34-stable","v0.1.387","v0.1.492","v0.1.574","v0.1.738","v0.11.1","v0.8.4","v1.1.0","v1.10.4","v1.11.1","v1.15.0","v1.15.5","v1.16-test2","v1.16-test3","v1.16-test4","v1.16.13","v1.16.15","v1.16.16","v1.16.17","v1.16.17-test","v1.16.17-test2","v1.16.17-test3","v1.16.18","v1.16.19","v1.16.20","v1.16.20.dev1","v1.16.20.dev3","v1.16.21","v1.16.3","v1.16.6","v1.17.0","v1.17.1","v1.17.10","v1.17.12","v1.17.13","v1.17.14","v1.17.15","v1.17.16","v1.17.17","v1.17.18","v1.17.2","v1.17.3","v1.17.4","v1.17.5","v1.17.6","v1.17.7","v1.17.8","v1.17.9","v1.18.0","v1.18.1","v1.18.10","v1.18.11","v1.18.12","v1.18.13","v1.18.2","v1.18.4","v1.18.5","v1.18.6","v1.18.7","v1.18.8","v1.18.9","v1.19.0","v1.19.2","v1.19.3","v1.19.4","v1.19.6","v1.20.0","v1.20.1","v1.20.2","v1.20.3","v1.20.5","v1.20.6","v1.20.7","v1.20.8","v1.20.9","v1.21.0","v1.21.1","v1.21.4","v1.21.5","v1.21.6","v1.21.7","v1.22.10","v1.22.11","v1.22.2","v1.22.3","v1.22.5","v1.22.8","v1.22.9","v1.23.0","v1.23.1","v1.23.10","v1.23.12","v1.23.14","v1.23.15","v1.23.16","v1.23.2","v1.23.3","v1.23.4","v1.23.5","v1.23.7","v1.23.8","v1.23.9","v1.24.1","v1.24.3","v1.24.5","v1.24.6","v1.25.0","v1.25.1","v1.25.2","v1.26.0","v1.26.1","v1.26.10","v1.26.11","v1.26.13","v1.26.2","v1.26.3","v1.26.4","v1.26.5","v1.26.6","v1.26.7","v1.26.8","v1.26.9","v1.27.1","v1.27.10","v1.27.14","v1.27.15","v1.27.4","v1.27.6","v1.27.7","v1.27.8","v1.27.9","v1.28.0","v1.28.1","v1.28.10","v1.28.11","v1.28.13","v1.28.2","v1.28.3","v1.28.4","v1.28.6","v1.28.7","v1.28.8","v1.28.9","v1.29.1","v1.29.3","v1.29.4","v1.29.5","v1.29.7","v1.30.0","v1.30.1","v1.30.2","v1.30.3","v1.30.4","v1.30.5","v1.30.6","v1.30.7","v1.31.10","v1.31.12","v1.31.12-dev","v1.31.12-dev1","v1.31.12-dev3","v1.31.13","v1.31.14","v1.31.15","v1.31.16","v1.31.17","v1.31.2","v1.31.3","v1.31.4","v1.31.5","v1.31.6","v1.31.7","v1.31.8","v1.31.9","v1.32.1","v1.32.3","v1.32.33-stable","v1.32.33.dev1","v1.32.4","v1.32.7","v1.32.7.dev1","v1.32.7.dev3","v1.32.7.dev5","v1.32.9","v1.33.0","v1.33.1","v1.33.2","v1.33.3","v1.33.4","v1.33.7","v1.33.8","v1.33.9","v1.34.0","v1.34.1","v1.34.10","v1.34.10.dev1","v1.34.12","v1.34.13","v1.34.14","v1.34.16","v1.34.17","v1.34.18","v1.34.19","v1.34.20","v1.34.21","v1.34.21-stable","v1.34.22","v1.34.22-stable","v1.34.22.dev15-stable","v1.34.23-stable","v1.34.25","v1.34.26","v1.34.27","v1.34.28","v1.34.28.dev12","v1.34.29","v1.34.3","v1.34.33","v1.34.34","v1.34.34.dev1","v1.34.35","v1.34.36","v1.34.36.dev2","v1.34.37","v1.34.37.dev1","v1.34.38","v1.34.39","v1.34.4","v1.34.4.dev1","v1.34.4.dev2","v1.34.40","v1.34.41","v1.34.42","v1.34.5","v1.34.6","v1.34.8","v1.34.8.dev1","v1.35.0","v1.35.1","v1.35.1.dev1","v1.35.1.dev2","v1.35.10","v1.35.11","v1.35.12","v1.35.13","v1.35.14","v1.35.15","v1.35.15-stable","v1.35.16","v1.35.17","v1.35.18","v1.35.19","v1.35.2","v1.35.20","v1.35.20.dev2","v1.35.21","v1.35.21-stable","v1.35.23","v1.35.24","v1.35.24.dev1","v1.35.25","v1.35.26","v1.35.26.dev1","v1.35.28","v1.35.28.dev1","v1.35.29","v1.35.3","v1.35.30","v1.35.31","v1.35.32","v1.35.32.dev1","v1.35.33","v1.35.33.dev1","v1.35.33.dev2","v1.35.33.dev3","v1.35.34","v1.35.35","v1.35.35.dev1","v1.35.36","v1.35.36-dev2","v1.35.37","v1.35.38","v1.35.38-stable","v1.35.4","v1.35.5","v1.35.6","v1.35.7","v1.35.8","v1.35.8.dev1","v1.36.0","v1.36.1","v1.36.2","v1.36.2-stable","v1.36.3","v1.36.4","v1.36.4-stable","v1.37.0","v1.37.0.dev_version_headers","v1.37.10","v1.37.11","v1.37.12","v1.37.12-stable","v1.37.12.dev1","v1.37.13","v1.37.13-stable","v1.37.14","v1.37.16","v1.37.16-stable","v1.37.17","v1.37.19","v1.37.19-stable","v1.37.2","v1.37.20","v1.37.20.dev1","v1.37.3","v1.37.3-stable","v1.37.5","v1.37.5-stable","v1.37.6","v1.37.7","v1.37.7-stable","v1.37.9","v1.37.9-stable","v1.38.0","v1.38.0-stable","v1.38.1","v1.38.10","v1.38.11","v1.38.12","v1.38.2","v1.38.3","v1.38.4","v1.38.4-stable","v1.38.5","v1.38.7","v1.38.7-stable","v1.38.8","v1.38.8-stable","v1.39.2","v1.39.3","v1.39.4","v1.39.5","v1.39.5-stable","v1.39.6","v1.40.0","v1.40.1","v1.40.1.dev2","v1.40.1.dev4","v1.40.10","v1.40.11","v1.40.12","v1.40.13","v1.40.14","v1.40.15","v1.40.16","v1.40.17","v1.40.19","v1.40.2","v1.40.2-stable","v1.40.20","v1.40.21","v1.40.22","v1.40.24","v1.40.25","v1.40.26","v1.40.27","v1.40.28","v1.40.29","v1.40.3","v1.40.3-stable","v1.40.31","v1.40.4","v1.40.5","v1.40.6","v1.40.7","v1.40.7.dev1","v1.40.8","v1.40.8-stable","v1.40.9","v1.40.9-stable","v1.41.0","v1.41.0-stable","v1.41.1","v1.41.11","v1.41.11.dev1","v1.41.12","v1.41.13","v1.41.14","v1.41.14.dev10","v1.41.14.dev8","v1.41.15","v1.41.17","v1.41.18","v1.41.19","v1.41.2","v1.41.2-stable","v1.41.20","v1.41.21","v1.41.22","v1.41.23","v1.41.23-stable","v1.41.24","v1.41.24.dev1","v1.41.25","v1.41.26","v1.41.26.dev1","v1.41.27","v1.41.28","v1.41.3","v1.41.3.dev2","v1.41.4","v1.41.4.dev1","v1.41.5","v1.41.5.dev1","v1.41.6","v1.41.6.dev1","v1.41.7","v1.41.8","v1.41.8.dev1","v1.41.8.dev2","v1.42.0","v1.42.0-stable","v1.42.1","v1.42.10","v1.42.10-stable","v1.42.11","v1.42.12","v1.42.2","v1.42.2-stable","v1.42.3","v1.42.3-stable","v1.42.4","v1.42.4-stable","v1.42.5","v1.42.5-dev1","v1.42.5-dev2","v1.42.5-stable","v1.42.6","v1.42.7","v1.42.7-stable","v1.42.8","v1.42.9","v1.42.9-stable","v1.42.9-stable-fix","v1.42.9.dev1","v1.43.0","v1.43.1","v1.43.1-dev1","v1.43.10","v1.43.10-stable","v1.43.12","v1.43.13","v1.43.13-stable","v1.43.15","v1.43.15-stable","v1.43.16","v1.43.16-stable","v1.43.17","v1.43.18","v1.43.18-stable","v1.43.19","v1.43.19-stable","v1.43.19.dev1","v1.43.19.dev2","v1.43.2","v1.43.3","v1.43.4","v1.43.4.dev5","v1.43.5","v1.43.5-stable","v1.43.6","v1.43.6-stable","v1.43.6.dev1","v1.43.7","v1.43.7-stable","v1.43.9","v1.44.1","v1.44.10","v1.44.10-stable","v1.44.11","v1.44.11-stable","v1.44.12","v1.44.12-stable","v1.44.13","v1.44.13-stable","v1.44.14","v1.44.14-stable","v1.44.15","v1.44.15-stable","v1.44.2","v1.44.3","v1.44.4","v1.44.4.dev2","v1.44.5","v1.44.6","v1.44.6-stable","v1.44.7","v1.44.8","v1.44.8-dev1","v1.44.9","v1.7.1","v1.7.11"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4889.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}