Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.
Thank you for your detailed overview regarding the CVEs attributed to our
research on ROS/ROS 2 We appreciate the scrutiny and understand the
concerns raised by you and other parties
I want to clarify that our findings are based on extensive tests conducted
in real-world scenarios within controlled laboratory settings, where actual
robots were s ...
Thank you for the guidance I will review the disclosure policy outlined in
REP-2006 and prepare a detailed report with proof of concepts I also plan
to reach out to the upstream team for further advice and will share the
manuscript with them as suggested
*Yash Patel*
PhD Research Scholar
National Forensic Sciences University
Ministry of Home ...
Many thanks to Florencia Cabral Berenfus for her analysis of these claims!
Mark Esler
[0] dlacmorg/doi/abs/101145/35739103573912
[1] githubcom/yashpatelphd/CVE-2024-30737/issues/1
[3] githubcom/yashpatelphd/CVE-2023-33565
[5] githubcom/yashpatelphd/CVE-2024-30737 ...
Arbitrary File Upload Vulnerability in ROS2 Iron Irwini
CVE ID
CVE-2024-30688
Title
Arbitrary File Upload Vulnerability in ROS2 Iron Irwini
Vulnerability Type
Insufficient File Upload Validation
Severity
TBD
Vendor
The Open Source Robotics Foundation (OSRF)
Products Affected
ROS2 Iron Irwini (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)
Description
An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini This vulne
Vulmon