PT-2025-29951 · Unknown+1 · Robot Operating System+1

Published 2025-07-17 · Updated 2025-07-18 · CVE-2024-39835

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Robot Operating System (ROS) versions prior to Noetic Ninjemys

Description: A code injection issue exists in the 'roslaunch' command-line tool due to the use of the eval() method to process unsanitized parameter values within the substitution args mechanism. This allows attackers to execute arbitrary Python code.

Recommendations: Update to a version of Robot Operating System (ROS) newer than Noetic Ninjemys.
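
An added illustration of the bug class described above, not roslaunch's own code and not the upstream fix: a hypothetical, simplified resolver for `$(eval EXPR)`-style substitution values, first passing the expression to eval() and then evaluating it through a whitelisted AST walk. The function names, the `args` dict and the allowed grammar (numbers, declared numeric names, + - * /) are assumptions.

```python
import ast
import operator

# Hypothetical, simplified resolver for "$(eval EXPR)" substitution values.
# Added illustration only: not roslaunch's code, names are assumptions.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}

def _expr(value):
    """Return EXPR from '$(eval EXPR)', or None for a plain string."""
    if value.startswith("$(eval ") and value.endswith(")"):
        return value[len("$(eval "):-1].strip()
    return None

def resolve_unsafe(value, args):
    """Bug class from the advisory: the raw expression reaches eval()."""
    expr = _expr(value)
    # An empty globals dict does not help: eval() adds __builtins__ itself.
    return value if expr is None else eval(expr, {}, dict(args))

def _walk(node, args):
    """Evaluate only numbers, declared numeric args and + - * /."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name) and type(args.get(node.id)) in (int, float):
        return args[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_walk(node.left, args), _walk(node.right, args))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_walk(node.operand, args)
    raise ValueError("disallowed syntax: " + type(node).__name__)

def resolve_safe(value, args):
    """Hardened form: parse to an AST and reject everything not whitelisted."""
    expr = _expr(value)
    if expr is None:
        return value
    return _walk(ast.parse(expr, mode="eval").body, args)

if __name__ == "__main__":
    declared = {"width": 4}                                 # constructed sample args
    print(resolve_unsafe("$(eval width * 2)", declared))    # arithmetic works
    print(resolve_unsafe("$(eval len('abc'))", declared))   # a function call ran
    print(resolve_safe("$(eval width * 2)", declared))      # same arithmetic
    try:
        resolve_safe("$(eval len('abc'))", declared)
    except ValueError as err:
        print("rejected:", err)                             # Call node refused
```
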

Fix

Code Injection

Eval Injection

Weakness Enumeration

Related Identifiers: CVE-2024-39835

Affected Products: Debian, Robot Operating System