Vulnerability Information
Vulnerability Title
RVD#2401: Use of unsafe yaml load, ./src/actionlib/tools/library.py:132
Vulnerability Description
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw is caused by unsafe parsing of YAML values, which happens whenever an action message is processed to be sent, and allows the creation of Python objects. Through this flaw in the ROS core package actionlib, an attacker with local or remote access can make the ROS Master execute arbitrary code in Python form. Consider yaml.safe_load() instead. First located in actionlib/tools/library.py:132. See links for more info on the bug.
CVSS Information
N/A
Vulnerability Type
Improper Input Validation
Vulnerability Title
Python Code Issue Vulnerability
Vulnerability Description
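Python is an open-source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and runs on multiple platforms. Python contains a code issue vulnerability that stems from the program not parsing YAML values safely. An attacker can exploit this vulnerability to create Python objects and execute code.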
CVSS Information
N/A
Vulnerability Type
N/A