# CVE-2024-39719

> An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.

- **CVSS:** 7.5 (HIGH)
- **EPSS:** 39.2%
- **CWE:** CWE-209

Canonical: https://intel.threadlinqs.com/cve/CVE-2024-39719
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp