CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.5%

CVSS Severity

CVSS v3 Score 7.8

References

https://github.com/ros/dynamic_reconfigure/pull/202

Products affected by CVE-2024-39780

Openrobotics » Robot Operating System » Version: indigo_igloo

cpe:2.3:o:openrobotics:robot_operating_system:indigo_igloo
Openrobotics » Robot Operating System » Version: kinetic_kame

cpe:2.3:o:openrobotics:robot_operating_system:kinetic_kame
Openrobotics » Robot Operating System » Version: melodic_morenia

cpe:2.3:o:openrobotics:robot_operating_system:melodic_morenia
Openrobotics » Robot Operating System » Version: noetic_ninjemys

cpe:2.3:o:openrobotics:robot_operating_system:noetic_ninjemys

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39780

Products

Pricing

Contact Us