Lucene search
Veracode Vulnerability DatabaseVERACODE:47358HistoryJun 05, 2024 - 6:07 a.m.
Improper Input Validation
2024-06-0506:07:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
improper input validation
github
vulnerable
sha256
test cases
mishandling
github.com/ollama/ollama is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the digest format sha256 with 64 hex digits) when getting the model path, which results in the mishandling of the TestGetBlobsPath test cases with fewer than 64 hex digits, more than 64 hex digits, or an initial …/ substring.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/ollama/ollama | le | v0.1.33 | |
| github.com/ollama/ollama | le | v0.1.33 |
References
github.com/advisories/GHSA-8hqg-whrw-pv92
github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58
github.com/ollama/ollama/commit/2a21363bb756a7341d3d577f098583865bd7603f
github.com/ollama/ollama/compare/v0.1.33...v0.1.34
github.com/ollama/ollama/pull/4175
Related
osv
osv
CGA-hv8x-jmgj-fp3m
2024-06-21 08:04:20
nessus
nessus
Ollama < 0.1.34 Improper Input Validation
2024-06-07 00:00:00
cvelist
cvelist
CVE-2024-37032
1976-01-01 00:00:00
wizblog
wizblog
vulnrichment
vulnrichment
CVE-2024-37032
1976-01-01 00:00:00
nvd
nvd
CVE-2024-37032
2024-05-31 04:15:09
wolfi
wolfi
CVE-2024-37032 vulnerabilities
2024-06-27 09:08:32
cve
cve
CVE-2024-37032
2024-05-31 04:15:09
github
github
githubexploit
githubexploit
Exploit for CVE-2024-37032
2024-06-26 03:11:29
thn
thn
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
2024-06-24 13:52:00