Patch now: 'Easy-to-exploit' RCE in open source Ollama
Briefly

Wiz Research discovered and disclosed a critical vulnerability in Ollama that leads to remote code execution and affects numerous exposed instances. The flaw (CVE-2024-37032), named Probllama, was swiftly patched in version 0.1.34 after disclosure on May 5 via GitHub.
The vulnerability stemmed from inadequate validation in Ollama's REST API server, which let attackers abuse its API endpoints. By exploiting the /api/pull endpoint, attackers could download models and potentially compromise the host environment through path traversal payloads in manifest files, resulting in remote code execution.
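The kind of check that closes this class of bug, as an added example (not Ollama's own code): every blob reference in a pulled manifest is validated before it becomes a file path. The OCI-style manifest shape, the `sha256-<hex>` file naming, the `BlobPaths` name and the `/var/lib/models/blobs` directory are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed manifest shape (OCI-style): a config and layers, each naming a blob by digest.
type layer struct {
	Digest string `json:"digest"`
}
type manifest struct {
	Config layer   `json:"config"`
	Layers []layer `json:"layers"`
}

// Only "sha256:" followed by exactly 64 lowercase hex characters is accepted.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// BlobPaths validates every digest in a manifest received from a registry and
// returns the on-disk blob paths, or an error if any digest is malformed.
func BlobPaths(blobDir string, raw []byte) ([]string, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("bad manifest: %w", err)
	}
	var paths []string
	for _, l := range append([]layer{m.Config}, m.Layers...) {
		if !digestRe.MatchString(l.Digest) {
			return nil, fmt.Errorf("rejected digest %q", l.Digest)
		}
		p := filepath.Join(blobDir, strings.Replace(l.Digest, ":", "-", 1))
		// Defense in depth: the joined path must sit directly inside blobDir.
		if filepath.Dir(p) != filepath.Clean(blobDir) {
			return nil, fmt.Errorf("path %q escapes %q", p, blobDir)
		}
		paths = append(paths, p)
	}
	return paths, nil
}

func main() {
	// Constructed sample: one layer digest carries a traversal sequence.
	bad := []byte(`{"config":{"digest":"sha256:` + strings.Repeat("a", 64) +
		`"},"layers":[{"digest":"../../../../etc/example"}]}`)
	_, err := BlobPaths("/var/lib/models/blobs", bad)
	fmt.Println(err)
}
```

Rejecting the whole manifest on the first bad digest, rather than skipping that layer, keeps a partially attacker-controlled manifest from being acted on at all.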
Read at The Register