data/reports: review GO-2024-2901

- data/reports/GO-2024-2901.yaml Fixes #2901 Change-Id: I27b3cf7d39e19766ba08b48ec0339d863b432804 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635698 Reviewed-by: Zvonimir Pavlinovic <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
golang · Dec 12, 2024 · e01c4a3 · e01c4a3
1 parent cd442dd
commit e01c4a3
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/data/osv/GO-2024-2901.json b/data/osv/GO-2024-2901.json
@@ -28,18 +28,23 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/ollama/ollama/server",
+            "symbols": [
+              "GetBlobsPath"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-8hqg-whrw-pv92"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37032"
-    },
     {
       "type": "FIX",
       "url": "https://github.com/ollama/ollama/commit/2a21363bb756a7341d3d577f098583865bd7603f"
@@ -63,6 +68,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-2901",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2024-2901.yaml b/data/reports/GO-2024-2901.yaml
@@ -4,20 +4,23 @@ modules:
       versions:
         - fixed: 0.1.34
       vulnerable_at: 0.1.34-rc1
+      packages:
+        - package: github.com/ollama/ollama/server
+          symbols:
+            - GetBlobsPath
 summary: Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama
 cves:
     - CVE-2024-37032
 ghsas:
     - GHSA-8hqg-whrw-pv92
 references:
     - advisory: https://github.com/advisories/GHSA-8hqg-whrw-pv92
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37032
     - fix: https://github.com/ollama/ollama/commit/2a21363bb756a7341d3d577f098583865bd7603f
     - fix: https://github.com/ollama/ollama/pull/4175
     - web: https://github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58
     - web: https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34
     - web: https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032
 source:
     id: GHSA-8hqg-whrw-pv92
-    created: 2024-08-16T16:51:37.817763-04:00
-review_status: NEEDS_REVIEW
+    created: 2024-12-12T12:58:07.627483-05:00
+review_status: REVIEWED