VYPR

Ollama

by Ollama

CVEs (25)

  • CVE-2024-39722 (Oct 31, 2024)
    risk 0.00 | cvss | epss 0.04

    An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.

  • CVE-2024-39720 (Oct 31, 2024)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the…

  • CVE-2024-39721 (Oct 31, 2024)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP…

  • CVE-2024-45436 (Aug 29, 2024)
    risk 0.00 | cvss | epss 0.03

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

  • CVE-2024-28224 (Apr 8, 2024)
    risk 0.00 | cvss | epss 0.00

    Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

Page 2 of 2