vulnerability
Ubuntu: (CVE-2024-39780): ros-kinetic-dynamic-reconfigure vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Apr 2, 2025 | Apr 17, 2025 | Aug 18, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 2, 2025
Added
Apr 17, 2025
Modified
Aug 18, 2025
Description
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.
Solutions
ubuntu-upgrade-ros-kinetic-dynamic-reconfigureubuntu-upgrade-ros-melodic-dynamic-reconfigureubuntu-upgrade-ros-noetic-dynamic-reconfigure
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.