Ollama can extract members of a ZIP archive outside of the parent directory

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

PT-2024-7104 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama versions prior to 0.1.47 Description: The issue is related to the extractFromZipFile function in model.go of the Ollama system, which is used for launching and managing large language models LLM. This function has an incorrect...