aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#1339: CWE-78 (shell), This causes a new program to execute and is difficult to use safely (C... @ mark/src/MachineSpecs.cpp:178 #1339

Closed rvd-bot closed 3 years ago

rvd-bot commented 4 years ago
{
    "id": 1339,
    "title": "RVD#1339: CWE-78 (shell), This causes a new program to execute and is difficult to use safely (C... @ mark/src/MachineSpecs.cpp:178",
    "type": "bug",
    "description": "This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. . Happening @ ...mark/src/MachineSpecs.cpp:178",
    "cwe": [
        "CWE-78"
    ],
    "cve": "None",
    "keywords": [
        "flawfinder",
        "flawfinder_level_4",
        "static analysis",
        "testing",
        "triage",
        "CWE-78",
        "bug"
    ],
    "system": "./src/ompl/src/ompl/tools/benchmark/src/MachineSpecs.cpp:178:21",
    "vendor": null,
    "severity": {
        "rvss-score": 0,
        "rvss-vector": "",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/1339"
    ],
    "flaw": {
        "phase": "testing",
        "specificity": "subject-specific",
        "architectural-location": "application-specific",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2020-03-02 (10:58)",
        "detected-by": "Alias Robotics",
        "detected-by-method": "testing static",
        "date-reported": "2020-03-02 (10:58)",
        "reported-by": "Alias Robotics",
        "reported-by-relationship": "automatic",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1339",
        "reproducibility": "always",
        "trace": "(context) FILE *cmdPipe = popen(lscpu, r);",
        "reproduction": "See artifacts below (if available)",
        "reproduction-image": "gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_ros2_ros_industrial/-/jobs/455830918/artifacts/download"
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "try using a library call that implements the same functionality if available",
        "pull-request": "",
        "date-mitigation": ""
    }
}
rvd-bot commented 3 years ago

Ticket is still missing triage. Closing for inactivity.