Miggo Logo
Miggo Vulnerability Database
CVE-2024-28224

CVE-2024-28224: Ollama DNS rebinding vulnerability

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-28224
GHSA ID
GHSA-5jx5-hqx5-2vrj
EPSS Score
0.29377%
CWE
CWE-290
Published
4/8/2024
Updated
6/10/2024
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/ollama/ollamago< 0.1.290.1.29

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key issues: 1) Reliance on DNS-based validation (CWE-350) for security decisions, and 2) Lack of proper authentication (CWE-290). While exact function names aren't available, the nature of DNS rebinding vulnerabilities typically involves HTTP request handlers that: - Trust the Host header without validation - Fail to implement proper CORS restrictions - Lack CSRF protections The high confidence comes from the vulnerability pattern matching typical DNS rebinding attack vectors in web services, where API endpoints are exposed without proper origin validation. The NCC Group advisory confirms attackers could access the full API surface, indicating missing authorization checks in core request handling functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Oll*m* ***or* *.*.** **s * *NS r**in*in* vuln*r**ility t**t **n in**v*rt*ntly *llow r*mot* ****ss to t** *ull *PI, t**r**y l*ttin* *n un*ut*oriz** us*r ***t wit* * l*r** l*n*u*** mo**l, **l*t* * mo**l, or **us* * **ni*l o* s*rvi** (r*sour** *x**ustio

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: *) R*li*n** on *NS-**s** v*li**tion (*W*-***) *or s**urity ***isions, *n* *) L**k o* prop*r *ut**nti**tion (*W*-***). W*il* *x**t *un*tion n*m*s *r*n't *v*il**l*, t** n*tur* o* *NS r**in*in* vuln*r**iliti*