<p>A fix was pushed into the <code>master</code> branch but not yet published.</p>

Information Exposure Through an Error Message Affecting carla-simulator/carla package, versions [0,]

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.05% (15^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UNMANAGED-CARLASIMULATORCARLA-6692207
published 29 Apr 2024
disclosed 29 Apr 2024
credit AOOOOOA

Report a new vulnerability Found a mistake?

Introduced: 29 Apr 2024

New CVE-2024-33903 Open this link in a new tab CWE-200 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Information Exposure Through an Error Message due to the mishandling of certain situations involving pedestrians or bicycles, as the collision_sensor function is not properly exposed to the Blueprint library. An attacker can exploit this flaw to cause unexpected behavior in simulations involving these entities by triggering specific collision scenarios.