We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Advisory CVE-2024-45436 references a vulnerability in the following Go modules:
Description: extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING modules: - module: github.com/ollama/ollama vulnerable_at: 0.3.8 summary: CVE-2024-45436 in github.com/ollama/ollama cves: - CVE-2024-45436 references: - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45436 - fix: https://github.com/ollama/ollama/pull/5314 - web: https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47 source: id: CVE-2024-45436 created: 2024-08-29T04:01:14.353133828Z review_status: UNREVIEWED
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/609141 mentions this issue: data/reports: add 21 unreviewed reports
data/reports: add 21 unreviewed reports
Sorry, something went wrong.
fe86cd7
No branches or pull requests
Advisory CVE-2024-45436 references a vulnerability in the following Go modules:
Description:
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: