CVE-2024-28224
Published 2024-04-08
Priority: P4 · 26 · medium · 6.6 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS: 0.33% (25.2th percentile)
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | jmorganca_ollama | >= 0 < 0.1.29 | 0.1.29 |
| github.com | ollama_ollama | >= 0 < 0.1.29 | 0.1.29 |
| ollama | ollama | < 0.1.29 | 0.1.29 |
OSV
Ollama DNS rebinding vulnerability in github.com/jmorganca/ollama
osv·2024-06-10
CVE-2024-28224 Ollama DNS rebinding vulnerability in github.com/jmorganca/ollama
GHSA
Ollama DNS rebinding vulnerability
ghsa·2024-04-08
CVE-2024-28224 [HIGH] CWE-290 Ollama DNS rebinding vulnerability
OSV
Ollama DNS rebinding vulnerability
osv·2024-04-08
CVE-2024-28224 [HIGH] Ollama DNS rebinding vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/ollama/ollama/releases
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Published: 2024-04-08