LAYER: meta-ros2-jazzy
PACKAGE NAME: cyclonedds-native
PACKAGE VERSION: 0.10.4-4
CVE: CVE-2021-38441
CVE STATUS: Patched
CVE SUMMARY: Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38441

LAYER: meta-ros2-jazzy
PACKAGE NAME: cyclonedds-native
PACKAGE VERSION: 0.10.4-4
CVE: CVE-2021-38443
CVE STATUS: Patched
CVE SUMMARY: Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38443