Critical

litellm

Unsafe Eval Function Use Leading to Remote Code Execution in Configuration Update

A vulnerability in the `litellm` library allows for Remote Code Execution (RCE) due to unsafe usage of the `eval` function when handling untrusted data from environment variables. This issue affects version 1.28.11 and was patched in the subsequent release. The vulnerability specifically impacts the `litellm.get_secret()` function when the server utilizes Google KMS, allowing attackers to execute arbitrary code.

Available publicly on May 18, 2024

CVSS score: 9.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credit: trongphuc12

Threat Overview

The core of the vulnerability lies in the `litellm.get_secret()` function, which passes the contents of environment variables to `eval` without any sanitization or filtering. The flaw is particularly dangerous because the server's environment variables can be modified through a publicly accessible endpoint (`/config/update`). By sending a crafted request to this endpoint, an attacker can place arbitrary Python code in an environment variable; when `litellm.get_secret()` later reads that variable, the code is evaluated, resulting in Remote Code Execution.
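As an added illustration (this is not litellm's code and not the vendor's patch), the following Python contrasts the `eval`-based secret lookup pattern the advisory describes with two defensive counterparts: a lookup that accepts only plain literals through `ast.literal_eval`, and a configuration-update handler that refuses to set environment variables outside an explicit allowlist. The function names, the `env` parameter, and the `ALLOWED_CONFIG_KEYS` set are hypothetical; the sample values are constructed for the demonstration.

```python
import ast
import os
from typing import Any, Mapping, MutableMapping, Optional

# Hypothetical allowlist of environment variables a config-update endpoint
# is permitted to touch. Anything not listed is rejected outright.
ALLOWED_CONFIG_KEYS = {"REDIS_HOST", "REDIS_PORT"}


def get_secret_unsafe(name: str, env: Optional[Mapping[str, str]] = None) -> Any:
    """Vulnerable pattern: whatever string sits in the environment is
    handed to eval(), so any Python expression stored there runs."""
    env = os.environ if env is None else env
    raw = env.get(name)
    if raw is None:
        return None
    try:
        return eval(raw)  # arbitrary expression evaluation
    except Exception:
        # Plain hostnames such as "localhost" are not valid expressions,
        # so the lookup silently falls back to the raw string.
        return raw


def get_secret_safe(name: str, env: Optional[Mapping[str, str]] = None) -> Any:
    """Hardened pattern: never evaluate. Values that look like a container
    literal are parsed with ast.literal_eval, which accepts only constants,
    lists, dicts, tuples and sets; everything else is returned verbatim."""
    env = os.environ if env is None else env
    raw = env.get(name)
    if raw is None:
        return None
    if raw[:1] in "{[(":
        try:
            return ast.literal_eval(raw)
        except (ValueError, SyntaxError) as exc:
            # A container-looking value containing calls, names or
            # attribute access is rejected rather than executed.
            raise ValueError(f"{name}: not a plain literal") from exc
    return raw


def apply_config_update(updates: Mapping[str, str],
                        env: MutableMapping[str, str]) -> list:
    """Hypothetical guard for a /config/update-style handler: only
    allowlisted keys are written and every value is stored as a string.
    Returns the list of keys that were rejected."""
    rejected = []
    for key, value in updates.items():
        if key not in ALLOWED_CONFIG_KEYS or not isinstance(value, str):
            rejected.append(key)
            continue
        env[key] = value
    return rejected


if __name__ == "__main__":
    # Constructed environment: a benign expression stored as a "secret".
    demo_env = {"REDIS_HOST": "len('abc')"}
    print("unsafe:", get_secret_unsafe("REDIS_HOST", demo_env))  # expression ran
    print("safe:  ", get_secret_safe("REDIS_HOST", demo_env))    # string returned
```

The contrast to take from the block is that the unsafe lookup returns `3` for the constructed value (the expression was executed), while the hardened lookup returns the string unchanged; the allowlisting handler additionally limits which variables an update request can reach at all, so the lookup never sees attacker-chosen keys.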

Attack Scenario

An attacker first identifies the publicly accessible `/config/update` endpoint and crafts a request that sets an environment variable (e.g., `REDIS_HOST`) to a value containing malicious code. Upon processing this request, the server updates its environment variables accordingly. When `litellm.get_secret()` is later invoked to retrieve the value of the compromised environment variable, the malicious code is executed, achieving Remote Code Execution.

Who is affected

Any deployment of the litellm library at version 1.28.11 that uses Google KMS for key management and exposes the `/config/update` endpoint is vulnerable to this attack. This includes servers and applications that rely on litellm for managing secrets and configuration, where successful exploitation can give an attacker unauthorized access to and control of the host.
