Tag: Ollama open-source artificial intelligence

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
News

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Researchers studying cybersecurity have identified a vulnerability that can be leveraged to accomplish remote code execution on the Ollama open-source artificial intelligence (AI) infrastructure platform. This vulnerability is currently fixed. Cloud security company Wiz has given the vulnerability, which is tracked as CVE-2024-37032, the codename Probllama. Version 0.1.34 was released on May 7, 2024, and it resolved the issue after responsible disclosure on May 5, 2024. Large language models (LLMs) can be packaged, deployed, and operated locally on Windows, Linux, and macOS devices using the Ollama service. Basically, the problem is a case of inadequate input validation that causes a path traversal vulnerability that an attacker might use to overwrite any file on the server and e...