srcx404

3 exploits Active since Aug 2024
CVE-2024-45436 NOMISEC HIGH WORKING POC
Ollama < 0.1.47 - Path Traversal via ZIP Archive Extraction
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
4 stars
CVSS 7.5
CVE-2024-39719 NOMISEC HIGH WORKING POC
Ollama < 0.3.14 - File Existence Disclosure via CreateModel Route
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When the CreateModel route is called with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for checking file existence on the server.
CVSS 7.5
CVE-2024-39722 NOMISEC HIGH SCANNER
Ollama < 0.1.46 - Path Traversal via API Push Route
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
CVSS 7.5