MySQL in a Zip File Security Vulnerability
CVE-2024-45436
7.5HIGH
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2024-45436?
A vulnerability exists in the Ollama software prior to version 0.1.47, specifically in the extractFromZipFile function located in model.go. This weakness allows attackers to extract files contained within a ZIP archive to arbitrary locations outside of the intended parent directory. Such behavior can lead to unauthorized access to sensitive files, potentially compromising the security of the system. It is crucial for users of affected versions to upgrade to version 0.1.47 or later to mitigate this risk and secure their environments.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
