Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsafe use of eval() method in roslaunch tool
Vulnerability Description
A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Robot Operating System 安全漏洞
Vulnerability Description
Robot Operating System是ROS 2开源的机器人的元操作系统。 Robot Operating System存在安全漏洞,该漏洞源于roslaunch工具使用eval方法处理未清理的用户输入,可能导致执行任意Python代码。
CVSS Information
N/A
Vulnerability Type
N/A