CVE-2024-39289
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
17/07/2025
Last modified:
17/07/2025
Description
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH