2 matches found
CVE-2024-39722
CVE-2024-39722 affects Ollama prior to 0.1.46. A path traversal in the /api/push route can disclose which files exist on the server (information disclosure). The issue has been referenced across multiple feeds (Red Hat, NVD, SUSE, OSS/OSV) and is graded CVSSv3.1 v3.1 with a base score of 7.5 (Hig...
CVE-2024-39721
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...