Lucene search

CVE-2024-37032

🗓️ 31 May 2024 04:09:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 21 Media mentions👁 5944 Views🌐 WEB

Ollama 0.1.34 digest validation issu

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 20
Veracode	Improper Input Validation	5 Jun 202406:07	–	veracode
Chainguard	CVE-2024-37032 vulnerabilities	31 May 202404:15	–	cgr
Cvelist	CVE-2024-37032	31 May 202400:00	–	cvelist
Vulnrichment	CVE-2024-37032	31 May 202400:00	–	vulnrichment
NVD	CVE-2024-37032	31 May 202404:15	–	nvd
Wolfi	CVE-2024-37032 vulnerabilities	31 May 202404:15	–	wolfi
Nuclei	Ollama - Remote Code Execution	8 Jul 202407:39	–	nuclei
GithubExploit	Exploit for CVE-2024-37032	26 Jun 202403:11	–	githubexploit
GithubExploit	Exploit for CVE-2024-37032	10 Jul 202407:24	–	githubexploit
GithubExploit	Exploit for CVE-2024-37032	21 Oct 202405:44	–	githubexploit

Source	Link
github	www.github.com/ollama/ollama/pull/4175
github	www.github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go
github	www.github.com/ollama/ollama/compare/v0.1.33...v0.1.34
vicarius	www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032

Parameter	Position	Path	Description	CWE
../	path	/root/.ollama	Path traversal vulnerability allowing arbitrary file write due to mishandling of input format.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 May 2024 04:15Current

6.9Medium risk

Vulners AI Score6.9

CVSS38.8

EPSS0.91905

SSVC

CWE-22