vulnerability

Debian: CVE-2020-10289: ros-actionlib -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Aug 20, 2020	Sep 1, 2020	Sep 1, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Aug 20, 2020

Added

Sep 1, 2020

Modified

Sep 1, 2020

Description

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.

Solution

debian-upgrade-ros-actionlib

References

CVE-2020-10289
https://attackerkb.com/topics/CVE-2020-10289
DEBIAN-DLA-2357-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today