PT-2024-9418 · Ollama · Ollama

Published

2024-10-30

Updated

2024-11-24

CVE-2024-39722

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Ollama versions prior to 0.1.46

Description: The issue is related to incorrect restriction of the path name to a directory with limited access. This can be exploited by a remote attacker to cause a denial of service. The vulnerability exposes which files exist on the server via path traversal in the "api/push" route.

Recommendations: For versions prior to 0.1.46, update to version 0.1.46 to resolve the issue. As a temporary workaround, consider restricting access to the "api/push" endpoint until the update is applied.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2024-11113

CVE-2024-39722

Affected Products

Ollama

PT-2024-9418 · Ollama · Ollama

CVE-2024-39722

Weakness Enumeration

Related Identifiers

Affected Products

References · 11