Ollama Open Source Infrastructure Platform Security Update Advisory

Overview

A vulnerability in the Ollama open source artificial intelligence (AI) infrastructure platform allows remote code execution.

Description

CVE-2024-37032: Remote code execution vulnerability due to failure to validate digest format when importing model paths
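
The missing check described above, written as an added Go example (not Ollama's own code): a digest is accepted only if it matches the expected format before it is turned into a file path. The `sha256` plus 64 hex digits format, the `blobPath` helper and the blobs directory are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed digest format: "sha256:" or "sha256-" followed by exactly 64 lowercase hex digits.
var digestRe = regexp.MustCompile(`^sha256[:-][0-9a-f]{64}$`)

// ErrInvalidDigest is returned for any digest that fails the format check.
var ErrInvalidDigest = errors.New("invalid digest format")

// blobPath (hypothetical helper) maps a manifest-supplied digest to a file
// under blobsDir. The digest is untrusted input, so it is validated before
// it is used to build a path.
func blobPath(blobsDir, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", ErrInvalidDigest
	}
	name := strings.Replace(digest, ":", "-", 1)
	p := filepath.Join(blobsDir, name)
	// Defence in depth: the joined path must be a direct child of blobsDir.
	rel, err := filepath.Rel(blobsDir, p)
	if err != nil || rel != name {
		return "", ErrInvalidDigest
	}
	return p, nil
}

func main() {
	// Constructed sample inputs, not taken from any real manifest.
	samples := []string{
		"sha256:" + strings.Repeat("a", 64), // well-formed
		"sha256:" + strings.Repeat("a", 63), // too short
		"sha256:" + strings.Repeat("a", 65), // too long
		"sha256:" + strings.Repeat("g", 64), // not hexadecimal
		"some/other/location",               // contains path separators
	}
	for _, d := range samples {
		p, err := blobPath("/data/blobs", d)
		fmt.Printf("%-75q path=%q err=%v\n", d, p, err)
	}
}
```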

Affected Products

Ollama version: 0.1.34 or below

Patched Version

Ollama version: 0.1.34 or later

Vulnerability Patches

Patches for the vulnerability have been made available through product updates. Update to the patched version.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-37032
https://github.com/advisories/GHSA-8hqg-whrw-pv92