CVE-2024-37032
Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama
EPSS 93.7%
Description
Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama
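The missing check, as an added Go example (not code from the Ollama project): a hypothetical `BlobPath` helper that accepts only `sha256:` followed by exactly 64 hex digits before the digest is turned into a file name. It assumes the digest names a blob file on disk and that digests are lowercase; the helper name, directory and sample digests are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrInvalidDigest is returned for any digest that is not well formed.
var ErrInvalidDigest = errors.New("invalid digest format")

// Exactly "sha256:" plus 64 lowercase hex digits. In Go's regexp, "$"
// without the (?m) flag matches only at the very end of the input.
var digestRE = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// BlobPath (hypothetical helper) maps a digest to a file under blobsDir.
// The format check runs before the digest touches any path function.
func BlobPath(blobsDir, digest string) (string, error) {
	if !digestRE.MatchString(digest) {
		return "", fmt.Errorf("%w: %q", ErrInvalidDigest, digest)
	}
	name := strings.Replace(digest, ":", "-", 1) // avoid ":" in file names
	p := filepath.Join(blobsDir, name)
	// Defense in depth: the result must be a direct child of blobsDir.
	if filepath.Dir(p) != filepath.Clean(blobsDir) {
		return "", fmt.Errorf("%w: outside %s", ErrInvalidDigest, blobsDir)
	}
	return p, nil
}

func main() {
	// Constructed sample digests, not taken from any real model.
	samples := []string{
		"sha256:" + strings.Repeat("ab", 32),       // well formed
		"sha256:" + strings.Repeat("a", 63),        // too short
		"sha256:" + strings.Repeat("a", 65),        // too long
		"sha256:" + strings.Repeat("g", 64),        // not hex
		"sha256:" + strings.Repeat("a", 62) + "/a", // path separator
		"md5:" + strings.Repeat("a", 64),           // wrong algorithm
	}
	for _, d := range samples {
		p, err := BlobPath("/var/lib/models/blobs", d)
		fmt.Printf("%.24s... path=%q err=%v\n", d, p, err)
	}
}
```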
How to fix CVE-2024-37032
To remediate CVE-2024-37032, upgrade the affected package to a fixed version below.
- Go/github.com/ollama/ollama—upgrade to 0.1.34 or later
Is CVE-2024-37032 being exploited?
Likely — EPSS is 93.7%, placing CVE-2024-37032 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 0.1.34
- from 0, < 0.1.34