cvedb.io
CVE-2024-39780
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-04-02T08:15:13.720 · Last modified 2026-06-17T07:42:47.353

Summary

A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.

Affected products

openrobotics — robot_operating_system


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.