CVE-2024-39719 Information

Description

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist it reflects the \File does not exist\ error message to the attacker providing a primitive for file existence on the server.

Reference

https://oligosecurity.webflow.io/blog/more-models-more-probllms