CVE-2024-29455

Name of the Vulnerable Software and Affected Versions ROS2 Humble Hawksbill versions 2

Description An arbitrary file upload issue has been found, allowing attackers to execute arbitrary code, cause a denial of service, and obtain sensitive information via a crafted payload to the file upload mechanism. This includes the server's functionality for handling file uploads and associated validation processes.

Recommendations For ROS2 Humble Hawksbill version 2, consider restricting access to the file upload mechanism as a temporary workaround until a patch is available. Avoid using the file upload functionality in the ROS2 system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.