Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/ros/actionlib/pull/171 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Alias
Published: 2020-08-20T08:05:14.408034Z
Updated: 2024-09-16T21:57:52.714Z
Reserved: 2020-03-10T00:00:00
Link: CVE-2020-10289
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-20T08:15:10.357
Modified: 2024-11-21T04:55:08.930
Link: CVE-2020-10289
Redhat
No data.