srcx404

3 exploits, active since Aug 2024
CVE-2024-45436 NOMISEC HIGH WORKING POC
Ollama <0.1.47 - Path Traversal
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
4 stars
CVSS 7.5
CVE-2024-39719 NOMISEC HIGH WORKING POC
Ollama < 0.3.14 - Error Information Exposure
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.
CVSS 7.5
CVE-2024-39722 NOMISEC HIGH SCANNER
Ollama < 0.1.46 - Path Traversal
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
CVSS 7.5