VYPR
Medium severity6.6NVD Advisory· Published Apr 8, 2024· Updated Jun 17, 2026

CVE-2024-28224

CVE-2024-28224

Description

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ollama/ollamaGo
< 0.1.290.1.29

Affected products

6

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.