MEDIUM 6.6
PYSEC-2025-146
Details
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / ollama
Introduced in:
0 No fixed version published yet for ollama (pip). Pin to a known-safe version or switch to an alternative.