Ibaiape

**Name of the Vulnerable Software and Affected Versions** actionlib (affected versions not specified) **Description** The issue is caused by an unsafe parsing of YAML values in the ROS core package of actionlib, allowing the instantiation of arbitrary objects. This occurs when an action message is processed to be sent, enabling the creation of Python objects. An attacker with local or remote access can exploit this flaw to execute arbitrary code in Python form on the ROS Master. **Recommendations** Consider using `yaml.safe load()` instead of the unsafe load method to prevent the instantiation of arbitrary objects. At the moment, there is no information about a newer version that contains a fix for this vulnerability.