The vulnerability of the extractFromZipFile() function in the model.go package of the Ollama system, which is used to run and manage large language models (LLMs), allows a malicious actor to influence the confidentiality and integrity of the protected information.

The vulnerability of the extractFromZipFile function in the model.go package of the Ollama system, which is used to run and manage large language models, is related to an incorrect path limitation for the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...

Ollama can extract members of a ZIP archive outside of the parent directory

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

PT-2024-7104 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama versions prior to 0.1.47 Description: The issue is related to the extractFromZipFile function in model.go of the Ollama system, which is used for launching and managing large language models LLM. This function has an incorrect...