File Existence Disclosure through API /create
CVE-2024-39719

7.5HIGH

Key Information:

Vendor: Ollama
Status: Ollama
Vendor: CVE Published:; 31 October 2024

What is CVE-2024-39719?

A file existence disclosure vulnerability has been identified in the Ollama API that could enable attackers to infer the presence of files on the server. When utilizing the CreateModel route with a non-existent path parameter, the API responds with an error message indicating 'File does not exist'. This behavior can be exploited, allowing an attacker to gain insights into the file structure and potentially exploit further vulnerabilities. It is crucial for users and administrators to address this issue promptly to mitigate risks associated with data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.oligo.security/blog/more-models-more-probllms

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2024

JSON

Ollama

What is CVE-2024-39719?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.