CVE-2024-37032
Path traversal in Ollama with rogue registry server
- Learn from Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
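A defender-side check for the path traversal described above, added here as an example that is not part of this repository or of Ollama's own code. The public CVE description attributes the bug to missing validation of the digest format (sha256 with 64 hex digits), so this code rejects any manifest digest that does not match that format before it could be used to build a file path. The function name, struct, lowercase-only pattern and sample manifest are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// digestRE accepts only "sha256:" followed by exactly 64 lowercase hex digits
// (assumed strict form; anything else, including "../", is refused).
var digestRE = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// manifest holds only the digest-bearing fields of a registry manifest.
type manifest struct {
	Config struct{ Digest string `json:"digest"` } `json:"config"`
	Layers []struct{ Digest string `json:"digest"` } `json:"layers"`
}

// constructedManifest is sample input made up for this example.
const constructedManifest = `{
  "config": {"digest": "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"},
  "layers": [
    {"digest": "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"},
    {"digest": "../../constructed/outside-path"},
    {"digest": "sha256:abc123"}
  ]
}`

// InvalidDigests returns every digest in the manifest that fails the format
// check. A non-empty result means the manifest must be rejected outright.
func InvalidDigests(raw []byte) ([]string, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("manifest is not valid JSON: %w", err)
	}
	digests := []string{m.Config.Digest}
	for _, l := range m.Layers {
		digests = append(digests, l.Digest)
	}
	var bad []string
	for _, d := range digests {
		if !digestRE.MatchString(d) {
			bad = append(bad, d)
		}
	}
	return bad, nil
}

func main() {
	bad, err := InvalidDigests([]byte(constructedManifest))
	fmt.Println(bad, err)
}
```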
Vulnerability environment
docker run -d -v ollama:/root/.ollama -p 11434:11434 --name ollama ollama/ollama:0.1.33
Rogue registry server
- Please modify `HOST` to your host (it MUST be given WITHOUT a port)
- Run with `python3 server.py`
Run poc
- Please modify `HOST` to your rogue registry server host, and `target_url` to the vulnerable host
- Run `python3 poc.py` and check the rogue registry server log