VYPR
High severityNVD Advisory· Published Aug 29, 2024· Updated Aug 29, 2024

CVE-2024-45436

CVE-2024-45436

Description

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ollama/ollamaGo
< 0.1.470.1.47

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.