High severity · 7.8 · NVD Advisory · Published Apr 2, 2025 · Updated Jun 17, 2026
CVE-2024-39780
Description
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.
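As an added example (not from the advisory and not ROS code), the following static check flags PyYAML calls of the kind described above, where `yaml.load()` is invoked without a loader that refuses to construct arbitrary Python objects. The function names and the sample source are constructed for illustration; it assumes the code under review accesses PyYAML through `import yaml` (optionally aliased).

```python
import ast

# PyYAML loaders that never construct arbitrary Python objects from tags.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
ALWAYS_UNSAFE = {"unsafe_load", "unsafe_load_all"}
LOADER_DEPENDENT = {"load", "load_all"}

def _loader_name(call):
    """Return the Loader class name passed to yaml.load(), or None if absent."""
    node = next((kw.value for kw in call.keywords if kw.arg == "Loader"), None)
    if node is None and len(call.args) >= 2:
        node = call.args[1]  # positional form: yaml.load(stream, Loader)
    if isinstance(node, (ast.Attribute, ast.Name)):
        return node.attr if isinstance(node, ast.Attribute) else node.id
    return None

def find_unsafe_yaml_loads(source):
    """Return sorted (line, call) pairs for yaml calls that can build arbitrary objects."""
    tree = ast.parse(source)
    # Names the yaml module is bound to, e.g. `import yaml as y`.
    aliases = {a.asname or a.name for n in ast.walk(tree) if isinstance(n, ast.Import)
               for a in n.names if a.name == "yaml"}
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id in aliases):
            continue
        if func.attr in ALWAYS_UNSAFE or (
                func.attr in LOADER_DEPENDENT and _loader_name(node) not in SAFE_LOADERS):
            findings.append((node.lineno, "yaml." + func.attr))
    return sorted(findings)

# Constructed sample, not the dynparam source: 'set'/'get' style handlers that
# parse user-supplied text, next to two safe forms.
SAMPLE = '''import yaml
def do_set(value):
    return yaml.load(value)
def do_get(text):
    return yaml.load(text, Loader=yaml.Loader)
def do_set_fixed(value):
    return yaml.safe_load(value)
def do_get_fixed(text):
    return yaml.load(text, Loader=yaml.SafeLoader)
'''

if __name__ == "__main__":
    for line, call in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {call} without a safe Loader")
```

The check does not follow `from yaml import load` imports or loaders passed through variables, so treat a clean result as a first pass rather than proof.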
Affected products
2 - Open Source Robotics Foundation/Robot Operating System (ROS) v5 · Range: Noetic Ninjemys