{"id":"CVE-2024-41921","details":"A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.","modified":"2026-04-10T05:15:57.401745Z","published":"2025-07-17T20:15:27.750Z","references":[{"type":"ARTICLE","url":"https://www.ros.org/blog/noetic-eol/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41921.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"indigo_igloo"}]},{"events":[{"introduced":"0"},{"last_affected":"kinetic_kame"}]},{"events":[{"introduced":"0"},{"last_affected":"melodic_morenia"}]},{"events":[{"introduced":"0"},{"last_affected":"noetic_ninjemys"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}