CVE-2024-45436

HIGH

Ollama <0.1.47 - Path Traversal

Title source: llm

Description

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

Exploits (3)

github WORKING POC 8 stars
by pankass · gopoc
https://github.com/pankass/CVE-2024-37032_CVE-2024-45436
nomisec WORKING POC 4 stars
by srcx404 · poc
https://github.com/srcx404/CVE-2024-45436

Scores

CVSS v3 7.5
EPSS 0.2908
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
ollama/ollama < 0.1.47
ollama/ollama 0 - 0.1.47 (Go)
Published Aug 29, 2024
Tracked Since Feb 18, 2026