{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T12:06:17.449","vulnerabilities":[{"cve":{"id":"CVE-2024-4264","sourceIdentifier":"security@huntr.dev","published":"2024-05-18T00:15:07.777","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución remota de código (RCE) en el proyecto berriai/litellm debido a un control inadecuado de la generación de código cuando se utiliza la función `eval` de forma insegura en el método `litellm.get_secret()`. Específicamente, cuando el servidor utiliza Google KMS, los datos que no son de confianza se pasan a la función \"eval\" sin ningún tipo de desinfección. Los atacantes pueden aprovechar esta vulnerabilidad inyectando valores maliciosos en las variables de entorno a través del endpoint `/config/update`, que permite la actualización de la configuración en `proxy_server_config.yaml`."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}