Eclipse CycloneDDS versions before 0.8.0 are vulnerable to a write-what-where condition, which may allow an malicious user to write arbitrary values in the XML parser.
eclipse cyclonedds