How severe is CVE-2020-10289?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2020-10289?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-10289 - HIGH Severity | CVSS 8

Vulnerability Description

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.

Related Vulnerabilities

CVE-2016-1661

HIGH

CVSS:8.0(High)

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers ...

CWE-202016

CVE-2017-14320

HIGH

CVSS:8.0(High)

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

CWE-202017

CVE-2017-6662

HIGH

CVSS:8.0(High)

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access t...

CWE-202017

CVE-2017-7466

HIGH

CVSS:8.0(High)

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the abili...

CWE-202017

CVE-2018-11294

HIGH

CVSS:8.0(High)

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. Whil...

CWE-202018

CVE-2018-5199

HIGH

CVSS:8.0(High)

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to exe...

CWE-202018