SiliconAngle reports that updates have been released by open-source artificial intelligence infrastructure platform Ollama to address a remote code execution flaw, tracked as CVE-2024-37032, just three days after being notified by Wiz security researchers in early May.
Such a security issue, also known as "Probllama", could be leveraged to facilitate the delivery of specially crafted HTTP requests and arbitrary file overwriting, according to the Wiz report. Threat actors could also exploit the flaw, which was found across numerous internet-exposed Ollama instances, to enable complete remote code execution in Docker implementations, takeover servers, and breach hosted AI models and apps, said researchers. Organizations' security teams have been urged to ensure that their Ollama instances are on patched versions issued on May 8 or later. On the other hand, Ollama's immediate response to the vulnerability has been heralded as something that should be emulated by Big Tech firms.
