VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-k2fv-6edv-q3gr

Essentials
Severities (15)
References (7)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-k2fv-6edv-q3gr
Aliases	CVE-2024-5751 GHSA-gppg-gqw8-wh9g
Summary	BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.05359	https://api.first.org/data/v1/epss?cve=CVE-2024-5751
epss	0.05359	https://api.first.org/data/v1/epss?cve=CVE-2024-5751
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-gppg-gqw8-wh9g
cvssv3.1	9.8	https://github.com/berriai/litellm
generic_textual	CRITICAL	https://github.com/berriai/litellm
cvssv3.1	9.8	https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8
generic_textual	CRITICAL	https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8
cvssv3.1	9.8	https://github.com/BerriAI/litellm/pull/4228
generic_textual	CRITICAL	https://github.com/BerriAI/litellm/pull/4228
cvssv3	9.8	https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce
cvssv3.1	9.8	https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce
generic_textual	CRITICAL	https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce
ssvc	Track*	https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-5751
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2024-5751

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-5751
		https://github.com/berriai/litellm
		https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8
		https://github.com/BerriAI/litellm/pull/4228
ae623c2f-b64b-4245-9ed4-f13a0a5824ce		https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce
CVE-2024-5751		https://nvd.nist.gov/vuln/detail/CVE-2024-5751
GHSA-gppg-gqw8-wh9g		https://github.com/advisories/GHSA-gppg-gqw8-wh9g

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/berriai/litellm

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/BerriAI/litellm/pull/4228

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-27T20:20:04Z/ Found at https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-5751

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.90292
EPSS Score	0.05359
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:31:25.727064+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/5xxx/CVE-2024-5751.json	38.6.0