CVE-2024-39722: 
Wolfi vulnerability analysis and mitigation

An issue was discovered in Ollama before version 0.1.46 that exposes which files exist on the server on which it is deployed via path traversal in the api/push route. The vulnerability was assigned CVE-2024-39722 and was disclosed on October 31, 2024. This vulnerability affects the Ollama framework, which is one of the most widely-used open-source projects for AI models with over 93,000 stars on GitHub (Oligo Blog).

The vulnerability exists in the api/push route and allows an attacker to determine which files exist on the server through path traversal. When calling the api/push route with a path parameter that does not exist, it reflects the escaped URI to the attacker, providing a primitive for file existence on the server and user that executes it. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NIST NVD).

The vulnerability enables attackers to discover the server's directory structure and file system information, which could be leveraged for further attacks. At the time of disclosure, approximately 10,000 unique internet-facing IPs were running Ollama, with one in four servers being vulnerable to this and other vulnerabilities uncovered by the research team (Oligo Blog).

The vulnerability has been patched in Ollama version 0.1.46. Organizations running Ollama should upgrade to this version or later to mitigate the risk. The fix was released on June 9, 2024 (Oligo Blog).