VDB
CVE-2024-45436
CVE-2024-45436
PUBLISHED
CVSS 7.5 HIGH
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
EPSS 29.08% · 96.7th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
29.08%
96.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ollama | ollama | 0 |
| n/a | n/a | * |
| github.com | ollama/ollama | 0 |
| ollama | ollama | 0 |
Timeline
- Aug 29, 2024 CVE Published
- Aug 29, 2024 EPSS Score
- Aug 29, 2024 PoC Published
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Oct 21, 2024 PoC Published
- Oct 29, 2024 EPSS Score
- Dec 9, 2024 EPSS Score
- Jan 19, 2025 EPSS Score
- Feb 8, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score