Tech »  Topic »  Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server

Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server


A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.

Wiz Research disclosed the flaw, tracked as CVE-2024-37032 and dubbed Probllama, on May 5 and its maintainers fixed the issue in version 0.1.34 that was released via GitHub a day later.

Ollama is useful for performing inference with compatible neural networks – such as Meta's Llama family, hence the name; Microsoft's Phi clan; and models from Mistral – and it can be used on the command line or via a REST API. It has hundreds of thousands of monthly pulls on Docker Hub.

In a report published today, the Wiz bug hunting team's Sagi Tzadik said the vulnerability is due to insufficient validation on the server side of that REST ...


Copyright of this story solely belongs to theregister.co.uk . To see the full text click HERE