Hijacking Ollama’s Signed Installer for Code Execution | Imperva

A command injection vulnerability in Ollama’s signed installer allows attackers to execute malicious code. The vulnerability, coupled with a logic flaw in verifying the install location, enables attackers to bypass security measures and deliver payloads disguised as legitimate Ollama updates. Despite responsible disclosure efforts, the vulnerability remains unpatched in the latest version of Ollama.