extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
References
Link | Resource |
---|---|
https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47 | Patch |
https://github.com/ollama/ollama/pull/5314 | Patch |
Configurations
History
30 Aug 2024, 16:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Ollama ollama
Ollama |
|
References | () https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47 - Patch | |
References | () https://github.com/ollama/ollama/pull/5314 - Patch | |
CPE | cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:* |
29 Aug 2024, 20:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CWE | CWE-22 |
29 Aug 2024, 13:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Aug 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-29 03:15
Updated : 2024-08-30 16:08
NVD link : CVE-2024-45436
Mitre link : CVE-2024-45436
CVE.ORG link : CVE-2024-45436
JSON object : View
Products Affected
ollama
- ollama
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')