CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.
References
Link Resource
https://www.oligo.security/blog/more-models-more-probllms Third Party Advisory Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*

History

13 May 2025, 13:32

Type Values Removed Values Added
References () https://www.oligo.security/blog/more-models-more-probllmsĀ - () https://www.oligo.security/blog/more-models-more-probllmsĀ - Third Party Advisory, Exploit
First Time Ollama ollama
Ollama
CPE cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*

Information

Published : 2024-10-31 20:15

Updated : 2025-05-13 13:32


NVD link : CVE-2024-39719

Mitre link : CVE-2024-39719

CVE.ORG link : CVE-2024-39719


JSON object : View

Products Affected

ollama

  • ollama
CWE
CWE-209

Generation of Error Message Containing Sensitive Information