Improper Access Control Affecting github.com/ollama/ollama/server package, versions <0.1.29


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Access Control vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMOLLAMAOLLAMASERVER-6592877
  • published9 Apr 2024
  • disclosed8 Apr 2024
  • creditKevin Henry, Ristin Rivera, Javed Samuel, Roger Meyer

Introduced: 8 Apr 2024

CVE-2024-28224  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade github.com/ollama/ollama/server to version 0.1.29 or higher.

Overview

Affected versions of this package are vulnerable to Improper Access Control due to improper handling of DNS queries. An attacker can gain unauthorized access to the application's full API and perform actions such as chatting with a large language model, deleting a model, or causing resource exhaustion.

CVSS Scores

version 3.1