Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Vulnerability Description
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm to an internal URL (e.g., http://127.0.0.1:3000/), causing Model Runner running on the host to make arbitrary GET requests to internal services and reflect the full response body back to the caller. Additionally, the token exchange mechanism can relay data from internal services back to the attacker-controlled registry via the Authorization: Bearer header. This issue has been patched in version 1.1.25. For Docker Desktop users, enabling Enhanced Container Isolation (ECI) blocks container access to Model Runner, preventing exploitation. However, if the Docker Model Runner is exposed to localhost over TCP in specific configurations, the vulnerability is still exploitable.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Docker Model Runner 代码问题漏洞
Vulnerability Description
Docker Model Runner是Docker开源的一个Docker模型运行器。 Docker Model Runner 1.1.25之前版本存在代码问题漏洞,该漏洞源于其OCI注册表令牌交换流程中存在服务端请求伪造,拉取模型时未验证方案、主机名或IP范围即遵循注册表的WWW-Authenticate标头中的领域URL,可能导致向内部服务发起任意GET请求并将完整响应体反射回调用者。
CVSS Information
N/A
Vulnerability Type
N/A