X Tutup
The Wayback Machine - https://web.archive.org/web/20260224183403/https://github.com/github/advisory-database/pull/6571
Skip to content

Comments

[GHSA-f6mr-38g8-39rg] Ollama Platform has missing authentication enabling attackers to perform model management operations#6571

Closed
Ankush-Pathak wants to merge 1 commit intoAnkush-Pathak/advisory-improvement-6571from
Ankush-Pathak-GHSA-f6mr-38g8-39rg
Closed

[GHSA-f6mr-38g8-39rg] Ollama Platform has missing authentication enabling attackers to perform model management operations#6571
Ankush-Pathak wants to merge 1 commit intoAnkush-Pathak/advisory-improvement-6571from
Ankush-Pathak-GHSA-f6mr-38g8-39rg

Conversation

@Ankush-Pathak
Copy link

@Ankush-Pathak Ankush-Pathak commented Dec 22, 2025

Updates

  • Affected products

Comments
According to https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd, Affected Versions: <= v0.12.3

@github-actions github-actions bot changed the base branch from main to Ankush-Pathak/advisory-improvement-6571 December 22, 2025 05:59
@Ankush-Pathak Ankush-Pathak mentioned this pull request Dec 22, 2025
Closed
@JonathanLEvans
Copy link

JonathanLEvans commented Dec 23, 2025

Hi @Ankush-Pathak,

My understanding is that Ollama is not patched yet so the current range is accurate. Do you have a link showing that 0.12.4 is fixed?

@Ankush-Pathak
Copy link
Author

Ankush-Pathak commented Dec 23, 2025

It says in the description of the CVE, A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3 and see Affected Versions: <= v0.12.3 here

@Ankush-Pathak
Copy link
Author

Ankush-Pathak commented Dec 23, 2025

Oh I see what you're saying. I don't find any indication of a fix in the changelog for 0.12.4.
The description of the CVE must then be updated to not mention the version to avoid confusion.

@JonathanLEvans
Copy link

JonathanLEvans commented Dec 23, 2025

GitHub did not assign the CVE so we cannot make changes to it. If you want, you can contact MITRE about changing the description.

@github-actions
Copy link

github-actions bot commented Jan 8, 2026

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Jan 8, 2026
@github-actions github-actions bot closed this Jan 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ankush-Pathak @JonathanLEvans
X Tutup