An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.
References
Configurations
No configuration.
History
01 Nov 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-209 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
01 Nov 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Oct 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-31 20:15
Updated : 2024-11-01 16:35
NVD link : CVE-2024-39719
Mitre link : CVE-2024-39719
CVE.ORG link : CVE-2024-39719
JSON object : View
Products Affected
No product.
CWE
CWE-209
Generation of Error Message Containing Sensitive Information