Nicholasgould

**Name of the Vulnerable Software and Affected Versions** Ollama versions prior to 0.20.2 **Description** A flaw in the Tensor Model Transfer Handler component allows remote attackers to perform path traversal. This occurs through the manipulation of the `digest` argument within the `digestToPath()` function located in the x/imagegen/transfer/transfer.go file. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables that reference files with dots and slashes. **Recommendations** Update to a version later than 0.20.2. As a temporary workaround, restrict access to the `digestToPath()` function to minimize the risk of exploitation.