Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsafe use of eval() method in rosparam tool
Vulnerability Description
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Robot Operating System 安全漏洞
Vulnerability Description
Robot Operating System是ROS 2开源的机器人的元操作系统。 Robot Operating System存在安全漏洞,该漏洞源于rosparam工具使用eval函数处理未清理的用户输入,可能导致执行任意Python代码。
CVSS Information
N/A
Vulnerability Type
N/A