Medium severity6.6NVD Advisory· Published Apr 8, 2024· Updated Jun 17, 2026
CVE-2024-28224
CVE-2024-28224
Description
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ollama/ollamaGo | < 0.1.29 | 0.1.29 |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/ollamapkg:apk/chainguard/ollama-cpupkg:apk/wolfi/ollamapkg:apk/wolfi/ollama-cpupkg:golang/github.com/ollama/ollama
< 0+ 4 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.1.29
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-5jx5-hqx5-2vrjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-28224ghsaADVISORY
- github.com/ollama/ollama/releasesnvdRelease NotesWEB
- pkg.go.dev/vuln/GO-2024-2699ghsaWEB
- research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224ghsaWEB
- research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/nvdNot Applicable
- www.nccgroup.trust/us/our-research/nvdBroken LinkWEB
News mentions
0No linked articles in our index yet.