## https://sploitus.com/exploit?id=04C806C2-0068-554C-AC7A-A90521B4CBCF
# CVE-2024-37032
Path traversal in Ollama with rogue registry server
- Learn from [Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) โ Overview and Mitigations](https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032#the-vulnerability-arbitrary-file-write-via-path-traversal-25)
# Vulnerability environment
```bash
docker run -d -v ollama:/root/.ollama -p 11434:11434 --name ollama ollama/ollama:0.1.33
```
# Rogue registry server
- Please modify `HOST` to your host **MUST WITHOUT PORT**
- Run with `python3 server.py`
# Run poc
- Please modify `HOST` to your rogue registry server host, and `target_url` to vulnerability host
- Run `python3 poc.py` and check rogue registry server log
![](screenshot.png)