PT-2024-3893 · Ollama · Ollama
Published: 2024-03-08 · Updated: 2024-06-10 · CVE-2024-28224
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Ollama versions prior to 0.1.29
Description:
Ollama is affected by a DNS rebinding vulnerability that can allow remote access to the full API. An unauthorized user could use this to chat with a large language model, delete a model, or cause a denial of service through resource exhaustion. The vulnerability is associated with the use of reverse DNS resolution for IP addresses and can be exploited by a remote attacker to perform a DNS rebinding attack.
Recommendations:
For versions prior to 0.1.29, update to version 0.1.29 or later to resolve the issue. As a temporary workaround, restrict access to the API to minimize the risk of exploitation, and avoid using the API for critical operations until the update is applied. At the moment, there is no other information about additional mitigation measures.
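The defensive check that closes this class of bug is a Host header allowlist in front of the API: a browser page loaded from an attacker-controlled name can only send that name in Host, so a local API that accepts only local names or literal IP addresses never serves a rebound request. The Go snippet below is an added example of such a check, not Ollama's own code; the listen address 127.0.0.1:11434 and the placeholder handler are assumptions.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

// Names a local-only API legitimately expects in the Host header; any other
// name is treated as a rebound DNS name and rejected (assumed list).
var trustedHosts = map[string]bool{
	"localhost": true,
	"127.0.0.1": true,
	"0.0.0.0":   true,
	"::1":       true,
}

// hostAllowed reports whether a raw Host header value is acceptable:
// a trusted local name or a literal IP address, with or without a port.
func hostAllowed(hostHeader string) bool {
	host := hostHeader
	// Strip the port when present; handles "127.0.0.1:11434" and "[::1]:11434".
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h
	}
	host = strings.ToLower(strings.Trim(host, "[]"))
	if trustedHosts[host] {
		return true
	}
	return net.ParseIP(host) != nil
}

// requireTrustedHost rejects requests whose Host header does not match,
// so a rebound DNS name never reaches the API handlers behind it.
func requireTrustedHost(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host) {
			http.Error(w, "forbidden: unexpected Host header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = w.Write([]byte("ok\n")) // placeholder for the real API handler
	})
	_ = http.ListenAndServe("127.0.0.1:11434", requireTrustedHost(api))
}
```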
Fix
Origin Validation Error
Protection Mechanism Failure
Information Disclosure
Authentication Bypass by Spoofing
Related Identifiers
Affected Products: Ollama