The following vulnerability was published for ros-dynamic-reconfigure.
CVE-2024-39780[0]:
| A YAML deserialization vulnerability was found in the Robot
| Operating System (ROS) 'dynparam', a command-line tool for getting,
| setting, and deleting parameters of a dynamically configurable node,
| affecting ROS distributions Noetic and earlier. The issue is caused
| by the use of the yaml.load() function in the 'set' and 'get' verbs,
| and allows for the creation of arbitrary Python objects. Through
| this flaw, a local or remote user can craft and execute arbitrary
| Python code. This issue has now been fixed for ROS Noetic via commit
| 3d93ac13603438323d7e9fa74e879e45c5fe2e8e.
If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
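
Added example, not part of the original report and not the upstream patch: the difference between PyYAML's full loader and yaml.safe_load() on a value that carries a Python-specific tag, which is the class of input the CVE text describes. The function names and the two sample strings are assumptions made for illustration; the tagged sample builds only a harmless tuple.

```python
import yaml

# Constructed inputs: an ordinary parameter dictionary, and a document using a
# Python-specific tag (a harmless tuple) to stand in for Python object creation.
PLAIN_VALUE = "{int_param: 5, str_param: hello}"
PYTHON_TAGGED_VALUE = "!!python/tuple [1, 2]"


def legacy_parse(text):
    """'Before' form (hypothetical name): the full Loader honours !!python/* tags."""
    return yaml.load(text, Loader=yaml.Loader)


def parse_param_value(text):
    """Hardened form (hypothetical name): safe_load builds only plain YAML types."""
    try:
        return yaml.safe_load(text)
    except yaml.YAMLError as exc:
        # Unknown tags such as !!python/tuple raise ConstructorError, a YAMLError.
        raise ValueError("rejected parameter value: %s" % exc)


def check(text):
    """Report how each parser treats one input, for side-by-side comparison."""
    try:
        safe = ("accepted", parse_param_value(text))
    except ValueError:
        safe = ("rejected", None)
    return {"legacy": legacy_parse(text), "safe": safe}


if __name__ == "__main__":
    for sample in (PLAIN_VALUE, PYTHON_TAGGED_VALUE):
        print(sample, "->", check(sample))
```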