{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7773", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-08-13T20:28:18.382Z", "datePublished": "2025-03-20T10:09:13.433Z", "dateUpdated": "2025-04-15T15:49:34.681Z", "dateRejected": "2025-04-15T15:49:34.681Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-04-15T15:49:34.681Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7773", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-08-13T20:28:18.382Z", "datePublished": "2025-03-20T10:09:13.433Z", "dateUpdated": "2025-04-15T15:49:34.681Z", "dateRejected": "2025-04-15T15:49:34.681Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-04-15T15:49:34.681Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "id": "CVE-2024-7773", "lastModified": "2025-04-15T16:15:24.090", "metrics": {}, "published": "2025-03-20T10:15:37.393", "references": [], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "ollama: Remote Code Execution via ZipSlip in ollama/ollama", "id": "2353591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353591"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["A flaw was found in Ollama, specifically in the parseFromZipFile function in server/model.go. This vulnerability allows remote code execution (RCE) via improper input validation when handling zip files, enabling directory traversal attacks (../) that allow an attacker to write arbitrary files to the file system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7773", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-03-20T10:09:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7773\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7773\nhttps://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527\nhttps://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb"], "statement": "No Red Hat products are affected by this vulnerability.\nThis vulnerability is marked as critical rather than important because it enables unauthenticated remote code execution (RCE) with potential privilege escalation. The ZipSlip flaw allows an attacker to write arbitrary files, including modifying /etc/ld.so.preload, which forces the system to load a malicious shared library. This effectively hijacks all dynamically linked binaries, leading to persistent system compromise. Furthermore, the ability to establish a reverse shell provides the attacker full remote control, making exploitation trivial and highly impactful, especially in scenarios where the application processes untrusted ZIP archives.", "threat_severity": "Critical"}