High severityNVD Advisory· Published Aug 29, 2024· Updated Aug 29, 2024
CVE-2024-45436
CVE-2024-45436
Description
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ollama/ollamaGo | < 0.1.47 | 0.1.47 |
Affected products
3- ghsa-coords2 versions
< 0.1.47+ 1 more
- (no CPE)range: < 0.1.47
- (no CPE)range: < 0.0.20241213T205935-1.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.