Docker · Docker Model Runner · CVE-2026-33990
**Name of the Vulnerable Software and Affected Versions**
Docker Model Runner versions prior to 1.1.25
Docker Desktop versions prior to 4.67.0
**Description**
The software contains a Server-Side Request Forgery (SSRF) vulnerability in the OCI registry token exchange. When the client pulls a model and the registry answers with a `WWW-Authenticate: Bearer realm="..."` challenge, the client issues a GET request to that realm URL to obtain a token, but before the fix it did not validate the realm's scheme, hostname, or IP range. A malicious OCI registry can therefore set the realm to an internal URL such as `http://127.0.0.1:3000/`, causing the Model Runner to issue an arbitrary GET request to an internal service from its own network position. The response from the internal service is returned to the caller, and whatever the client parses out of that response as the token is sent back to the attacker-controlled registry in the `Authorization: Bearer` header, so internal data can be relayed to the attacker.
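The step described above, where the client follows the realm URL taken from the registry's `WWW-Authenticate` header, is where the missing check belongs. The Go program below is an added illustration, not Docker's code and not necessarily how the Model Runner fix is implemented: it parses a Bearer challenge, applies the scheme, hostname and IP-range validation the description says was absent, and only then builds the token request URL. The function names, the sample challenges and the policy (https only; reject `localhost`, and literal loopback, private, link-local, multicast and unspecified addresses) are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// parseBearerChallenge splits a WWW-Authenticate Bearer challenge such as
// Bearer realm="https://auth.example.com/token",service="registry.example.com",scope="repository:ai/model:pull"
// into its parameters. Quoted values may contain commas (scope lists).
func parseBearerChallenge(header string) (map[string]string, error) {
	const prefix = "bearer "
	if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return nil, errors.New("not a Bearer challenge")
	}
	params := map[string]string{}
	rest := strings.TrimSpace(header[len(prefix):])
	for rest != "" {
		eq := strings.IndexByte(rest, '=')
		if eq < 0 {
			return nil, fmt.Errorf("malformed parameter near %q", rest)
		}
		key := strings.ToLower(strings.TrimSpace(rest[:eq]))
		rest = rest[eq+1:]
		var val string
		if strings.HasPrefix(rest, `"`) {
			end := strings.IndexByte(rest[1:], '"')
			if end < 0 {
				return nil, errors.New("unterminated quoted value")
			}
			val, rest = rest[1:1+end], rest[2+end:]
		} else {
			end := strings.IndexByte(rest, ',')
			if end < 0 {
				end = len(rest)
			}
			val, rest = strings.TrimSpace(rest[:end]), rest[end:]
		}
		params[key] = val
		rest = strings.TrimSpace(strings.TrimLeft(strings.TrimSpace(rest), ","))
	}
	return params, nil
}

// validateRealm is the check the vulnerable token exchange lacked (policy is an
// assumption for this example): the realm must be an absolute https URL whose
// host is neither a localhost name nor a literal loopback, private, link-local,
// multicast or unspecified address. Hostnames are not resolved here; a real
// client must resolve and re-check every address at dial time (DNS rebinding).
func validateRealm(realm string) error {
	u, err := url.Parse(realm)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("realm scheme %q is not https", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("realm has no host")
	}
	lh := strings.ToLower(host)
	if lh == "localhost" || strings.HasSuffix(lh, ".localhost") {
		return errors.New("realm host is localhost")
	}
	if ip := net.ParseIP(host); ip != nil {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
			ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified() {
			return fmt.Errorf("realm host %s is not a public address", ip)
		}
	}
	return nil
}

// tokenRequestURL builds the GET the client would send to the realm, refusing
// the exchange when the realm fails validation. This is the point at which a
// hostile registry's realm of http://127.0.0.1:3000/ must be rejected.
func tokenRequestURL(header string) (string, error) {
	p, err := parseBearerChallenge(header)
	if err != nil {
		return "", err
	}
	realm, ok := p["realm"]
	if !ok {
		return "", errors.New("challenge has no realm")
	}
	if err := validateRealm(realm); err != nil {
		return "", fmt.Errorf("refusing token exchange: %w", err)
	}
	u, _ := url.Parse(realm) // already parsed successfully in validateRealm
	q := u.Query()
	if s := p["service"]; s != "" {
		q.Set("service", s)
	}
	if s := p["scope"]; s != "" {
		q.Set("scope", s)
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	// Constructed challenges: one from an honest registry, one from a registry
	// that points the client at a service on the client's own loopback interface.
	for _, h := range []string{
		`Bearer realm="https://auth.example.com/token",service="registry.example.com",scope="repository:ai/model:pull"`,
		`Bearer realm="http://127.0.0.1:3000/",service="registry.example.com",scope="repository:ai/model:pull"`,
	} {
		u, err := tokenRequestURL(h)
		fmt.Printf("challenge: %s\n  -> url=%q err=%v\n", h, u, err)
	}
}
```

Two caveats a practitioner should keep in mind when adapting this: checking the literal host is not enough for a name that resolves to 127.0.0.1 or to an RFC 1918 address, so the dialer that actually connects to the realm should resolve and re-apply the same address policy (and the HTTP client should not follow redirects from the realm without re-validating the target); and an accepted token response should still be parsed strictly as a token document rather than forwarded wholesale, so that an unexpected body cannot be relayed through the `Authorization: Bearer` header.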
**Recommendations**
Update Docker Model Runner to version 1.1.25 or later.
Update Docker Desktop to version 4.67.0 or later.
As a temporary workaround, enable Enhanced Container Isolation (ECI) so that containers cannot reach the Model Runner. Note that this only blocks the container-side trigger: it does not mitigate the issue if the Model Runner is also exposed to the host on localhost over TCP.