CVE-2024-37032
CVE-2024-37032 affects Ollama before 0.1.34. The vulnerability stems from improper validation of the digest format (sha256, 64 hex digits) when resolving the model path, causing incorrect handling of inputs in TestGetBlobsPath (fewer or more than 64 hex digits, or a leading ../). This can enable ...