CVE-2024-28224
published 2024-04-08


Priority: P4 26, medium, 6.6 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS: 0.33% (25.2th percentile)
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

Affected

3 ranges
Vendor | Product | Version range | Fixed in
github.com | jmorganca_ollama | >= 0 < 0.1.29 | 0.1.29
github.com | ollama_ollama | >= 0 < 0.1.29 | 0.1.29
ollama | ollama | < 0.1.29 | 0.1.29