[GHSA-8hqg-whrw-pv92] Ollama does not validate the format of the digest (sha256 with 64 hex digits)

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.72k stars 323 forks source link

[GHSA-8hqg-whrw-pv92] Ollama does not validate the format of the digest (sha256 with 64 hex digits) #4481

Closed lukas-braune closed 4 months ago

lukas-braune commented 4 months ago

Updates

Affected products

Comments Removed protocol information from package name as this is the usual procedure with other GHSAs. Moreover, having package names starting with "https://" leads to import warnings in OWASP Dependency-Track, e.g.:

[GitHubAdvisoryMirrorTask] Unable to create purl from GitHub Vulnerability. Skipping GO : https://github.com/ollama/ollama for: GHSA-8hqg-whrw-pv92

advisory-database[bot] commented 4 months ago

Hi @lukas-braune! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!