back to article Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server

A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet. Wiz Research disclosed the flaw, tracked as CVE-2024-37032 and dubbed Probllama, on May 5 …

  1. Anonymous Coward
    Anonymous Coward

    O-LOL-ma

    Run LLMs, get what you deserve.

    1. AliceThrees

      Re: O-LOL-ma

      I just got the cute ollama sticker. No one deserves to be hurt. Update your Ollama!

    2. MonkeyJuice Bronze badge

      Re: O-LOL-ma

      If you're dumb enough to expose a server port to the world, you only have yourself to blame, frankly.

  2. Korev Silver badge
    Coat

    Whipping the Ollama's ass?

    1. AliceThrees

      whoop whoop. You should update your software more often. At least 11 versions behind to be vulnerable.

  3. Doctor Syntax Silver badge

    "An attacker could exploit the flaw by sending a specially crafted HTTP request"

    Little Bobby Models?

  4. AliceThrees

    I love Ollama! It seems crazy that the other posters forget that they should deploy tools in their own VPC or set-up authentication themselves.

    1. Doctor Syntax Silver badge

      Are we to take it that your posts are Ollama output?

    2. Anonymous Coward
      Anonymous Coward

      Resident ollama ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like