PT-2025-29952 · Unknown+1 · Robot Operating System+1

Published: 2025-07-17 · Updated: 2025-07-18 · CVE-2024-41148

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Robot Operating System (ROS) versions prior to Noetic Ninjemys

Description

A code injection issue exists in the 'rostopic' command-line tool. The vulnerability is located in the 'hz' verb, which uses the --filter option to accept a user-provided Python expression. This input is directly passed to the eval() function without proper sanitization, potentially allowing a local user to execute arbitrary code.

Recommendations

Update to ROS Noetic Ninjemys or a later version.
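
Where a tool has to accept a user-supplied filter expression like the one in the description, one alternative to calling eval() is to parse the expression and interpret only an allowlisted subset of syntax. The following is an added example, not code from ROS or from this advisory: compile_filter, FilterError and SAMPLE_MSG are hypothetical names, and it assumes the expression refers to the received message as m.

```python
import ast
import operator
from types import SimpleNamespace

# Allowlist: comparison operators, plus every node type a filter may contain.
CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
       ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}
ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
           ast.USub, ast.Compare, ast.Attribute, ast.Name, ast.Constant,
           ast.Load) + tuple(CMP)
# Constructed stand-in for a received message (not a real ROS message type).
SAMPLE_MSG = SimpleNamespace(data=42, header=SimpleNamespace(frame_id="base_link"))

class FilterError(ValueError):
    """The expression uses syntax outside the allowlist."""

def compile_filter(expr):
    """Validate expr up front and return a predicate over one message."""
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise FilterError("not a valid expression") from exc
    for node in ast.walk(tree):
        bad_name = isinstance(node, ast.Name) and node.id != "m"
        bad_attr = isinstance(node, ast.Attribute) and node.attr.startswith("_")
        if not isinstance(node, ALLOWED) or bad_name or bad_attr:
            raise FilterError("disallowed syntax: " + type(node).__name__)
    return lambda msg: bool(_ev(tree.body, msg))

def _ev(node, msg):
    """Interpret a validated tree; eval() is never called."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return msg  # the only accepted name is "m"
    if isinstance(node, ast.Attribute):
        return getattr(_ev(node.value, msg), node.attr)
    if isinstance(node, ast.UnaryOp):
        val = _ev(node.operand, msg)
        return (not val) if isinstance(node.op, ast.Not) else -val
    if isinstance(node, ast.BoolOp):  # and/or yield a plain bool here
        vals = (_ev(v, msg) for v in node.values)
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    # Only ast.Compare remains; chained comparisons (a < b < c) are supported.
    vals = [_ev(n, msg) for n in [node.left] + node.comparators]
    return all(CMP[type(op)](a, b) for op, a, b in zip(node.ops, vals, vals[1:]))
```

Calls, subscripts, lambdas, names other than m and underscore-prefixed attributes are rejected when the filter is compiled, before any message is processed.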

Fix

Code Injection

Eval Injection

Weakness Enumeration

Related Identifiers

CVE-2024-41148

Affected Products

Debian
Robot Operating System