Ollama Remote Code Execution Vulnerability #10132

whereveryouare666 · 2024-06-25T19:31:14Z

Bi0x · 2024-06-26T08:56:00Z

may need rogue registry server, hard for nuclei interactsh. make a poc here https://github.com/Bi0x/CVE-2024-37032

karkis3c · 2024-06-26T17:03:37Z

Hello everyone,

I created a working template here

Regards

affix · 2024-07-03T21:27:54Z

It's easy to do this passively if you can hit the /api/version endpoint

The result of hitting the endpoint is

{
"version": "0.1.48"
}

If you extract and check that it's greater than 0.1.33 that should do it without actually performing code execution

DhiyaneshGeek · 2024-07-08T07:40:20Z

Hi @karkis3c i have raised a PR for the template that you shared #10218

Thank you once again

whereveryouare666 added the new-template request for new template to be created label Jun 25, 2024

github-actions bot assigned DhiyaneshGeek Jun 25, 2024

DhiyaneshGeek added the Done Ready to merge label Jul 8, 2024

ritikchaddha linked a pull request Jul 8, 2024 that will close this issue

Create CVE-2024-37032.yaml #10218

Merged

2 tasks

pussycat0x closed this as completed in #10218 Jul 9, 2024

Provide feedback