CVE-2024-29443

Name of the Vulnerable Software and Affected Versions: ROS2 versions 2 through 3

Description: The issue is related to the handling of shell command execution in ROS2, specifically with the ROS VERSION and ROS PYTHON VERSION environment variables. This can allow a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information. The vulnerability is due to the lack of proper neutralization of special elements used in the operating system command.

Recommendations: For ROS2 versions 2 through 3, consider disabling the execution of shell commands in components that process external inputs until a patch is available. Restrict access to sensitive information and limit privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.