Описание
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ollama | itp | package |
EPSS
Процентиль: 46%
0.00232
Низкий
Связанные уязвимости
CVSS3: 9.8
nvd
около 2 месяцев назад
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
github
около 2 месяцев назад
Ollama Platform has missing authentication enabling attackers to perform model management operations
EPSS
Процентиль: 46%
0.00232
Низкий