4 matches found
CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...
CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...
CVE-2024-41148
creationtimestamp| type| source ---|---|--- 2025-07-17 19:23:49+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114870205065116436...
CVE-2024-41148
CVE-2024-41148 describes a code-injection flaw in the ROS rostopic hz command. The --filter option accepts a user-supplied Python expression which is passed directly to eval() without sanitization, enabling a local user to craft and execute arbitrary code. Affected releases include ROS Noetic Nin...