CVE-2024-28224.yaml
info:
  name: ollama
  cve: CVE-2024-28224
  summary: Ollama DNS rebinding vulnerability
  details: Ollama before version 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, enabling unauthorized users to chat with a large language model, delete models, or cause a denial of service (resource exhaustion).
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  severity: HIGH
  security_advise: Upgrade to ollama>=0.1.29 to resolve this issue.
rule: version < "0.1.29"
references:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-28224
 - https://github.com/ollama/ollama
 - https://github.com/ollama/ollama/releases
 - https://pkg.go.dev/vuln/GO-2024-2699
 - https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224
 - https://www.nccgroup.trust/us/our-research/?research=Technical+advisories