Path Traversal Vulnerability in Ollama's api/push Route
CVE-2024-39722

Currently unrated

Key Information:

Vendor: Ollama
Status: Ollama
Vendor: CVE Published:; 31 October 2024

What is CVE-2024-39722?

An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.

References

https://www.oligo.security/blog/more-models-more-probllms

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2024