4 matches found
Exploit for Session Fixation in Ollama
CVE-2025-51471 - Ollama Cross-Domain Token Exposure PoC !CVE...
CVE-2025-51471
A domain validation flaw has been discovered in Ollama. In instances where a user attempts to download a model, but where the server responds with an http 401 error code, Ollama follows the WWW-Authenticate header's realm URL without validating if it belongs to the same domain as the original...
CVE-2025-51471
CVE-2025-51471 affects Ollama up to 0.6.7, with Cross-Domain Token Exposure via server.auth.getAuthorizationToken. A malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint can cause Ollama to send its authentication token to an attacker-controlled domain, bypassing ...
CVE-2025-51471
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...