CVE-2024-39719

{"id": "CVE-2024-39719", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-31T20:15:04.770", "references": [{"url": "https://www.oligo.security/blog/more-models-more-probllms", "tags": ["Third Party Advisory", "Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the \"File does not exist\" error message to the attacker, providing a primitive for file existence on the server."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Ollama hasta la versi\u00f3n 0.3.14. La divulgaci\u00f3n de la existencia de un archivo puede ocurrir a trav\u00e9s de api/create. Al llamar a la ruta CreateModel con un par\u00e1metro de ruta que no existe, se refleja el mensaje de error \"El archivo no existe\" al atacante, lo que proporciona una primitiva sobre la existencia del archivo en el servidor."}], "lastModified": "2025-05-13T13:32:48.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F416AD53-06BC-45FB-A167-23869CC4E37A", "versionEndIncluding": "0.3.14"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}