VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-kqcb-nxq1-abdq

Essentials
Severities (13)
References (6)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kqcb-nxq1-abdq
Aliases	CVE-2024-4890 GHSA-8j42-pcfm-3467
Summary	A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2024-4890
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2024-4890
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8j42-pcfm-3467
cvssv3.1	4.9	https://github.com/BerriAI/litellm
generic_textual	MODERATE	https://github.com/BerriAI/litellm
cvssv3.1	4.9	https://github.com/BerriAI/litellm/pull/2954
generic_textual	MODERATE	https://github.com/BerriAI/litellm/pull/2954
cvssv3	4.9	https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2
cvssv3.1	4.9	https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2
generic_textual	MODERATE	https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2
ssvc	Track	https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2
cvssv3.1	4.9	https://nvd.nist.gov/vuln/detail/CVE-2024-4890
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-4890

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-4890
		https://github.com/BerriAI/litellm
		https://github.com/BerriAI/litellm/pull/2954
a4f6d357-5b44-4e00-9cac-f1cc351211d2		https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2
CVE-2024-4890		https://nvd.nist.gov/vuln/detail/CVE-2024-4890
GHSA-8j42-pcfm-3467		https://github.com/advisories/GHSA-8j42-pcfm-3467

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/BerriAI/litellm

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/BerriAI/litellm/pull/2954

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:35:28Z/ Found at https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4890

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.20426
EPSS Score	0.00065
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:38:20.834950+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/4xxx/CVE-2024-4890.json	38.6.0