Description

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

INFO

Published Date :

2024-04-08T00:00:00.000Z

Last Modified :

2025-03-26T20:00:51.470Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-28224 vulnerability.

Vendors Products
Ollama
  • Ollama

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact