CVE-2024-30680

Name of the Vulnerable Software and Affected Versions ROS2 (Robot Operating System 2) versions ROS VERSION 2 and ROS PYTHON VERSION 3

Description A shell injection issue was discovered, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs.

Recommendations For ROS2 versions ROS VERSION 2 and ROS PYTHON VERSION 3, consider restricting the execution of shell commands in components like command interpreters or interfaces that process external inputs until a patch is available. As a temporary workaround, avoid using external inputs in ROS2 components that handle shell command execution to minimize the risk of exploitation.