github - ghsa-7mg9-54m6-qh35

ghsa-7mg9-54m6-qh35

Vulnerability from github

Published

2025-07-17 21:32

Modified

2025-07-17 21:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-41921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T20:15:27Z",
    "severity": "HIGH"
  },
  "details": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027echo\u0027 verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.",
  "id": "GHSA-7mg9-54m6-qh35",
  "modified": "2025-07-17T21:32:15Z",
  "published": "2025-07-17T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41921"
    },
    {
      "type": "WEB",
      "url": "https://www.ros.org/blog/noetic-eol"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-41921 (GCVE-0-2024-41921)

Vulnerability from cvelistv5

Published

2025-07-17 19:13

Modified

2025-07-18 08:05

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.

References

URL

Tags

https://www.ros.org/blog/noetic-eol/

product

Impacted products

	Vendor	Product	Version
	Open Source Robotics Foundation	Robot Operating System (ROS)	Version: Noetic Ninjemys Version: Melodic Morenia Version: Kinetic Kame Version: Indigo Igloo

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:37:06.242493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:37:17.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "rostopic"
          ],
          "packageName": "rostopic",
          "platforms": [
            "Linux",
            "Windows",
            "MacOS"
          ],
          "product": "Robot Operating System (ROS)",
          "repo": "https://github.com/ros/ros_comm",
          "vendor": "Open Source Robotics Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Noetic Ninjemys"
            },
            {
              "status": "affected",
              "version": "Melodic Morenia"
            },
            {
              "status": "affected",
              "version": "Kinetic Kame"
            },
            {
              "status": "affected",
              "version": "Indigo Igloo"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florencia Cabral Berenfus, Ubuntu Robotics Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027echo\u0027 verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
            }
          ],
          "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027echo\u0027 verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T08:05:08.288Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.ros.org/blog/noetic-eol/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "All ROS (1) versions are EOL, upgrade to a ROS 2 version."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Unsafe use of eval() method in rostopic echo tool"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-41921",
    "datePublished": "2025-07-17T19:13:34.025Z",
    "dateReserved": "2024-08-08T14:41:22.680Z",
    "dateUpdated": "2025-07-18T08:05:08.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.