Описание
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
| Релиз | Статус | Примечание |
|---|---|---|
| ros-esm/xenial | released | 1.12.17+9 |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| ros-esm/bionic | released | 1.14.13+5 |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| ros-esm/focal/noetic | released | 1.17.4+2 |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
7.8 High
CVSS3
Связанные уязвимости
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
A code injection vulnerability has been discovered in the Robot Operat ...
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
7.8 High
CVSS3