Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

October 7, 2024 at 05:57AM A critical security flaw (CVE-2024-47561) in the Apache Avro Java SDK prior to 1.11.4 allows execution of arbitrary code, impacting large-scale data processing. Users are advised to upgrade to version 1.11.4 or 1.12.0. The vulnerability exists in deserializing input via Avro schema, affecting organizations mainly in the US. Mitigations include sanitizing schemas …

Open source programming language R patches critical arbitrary code exec flaw

April 30, 2024 at 09:07PM The open source R programming language has fixed a critical vulnerability (CVE-2024-27322) that could allow arbitrary code execution. The flaw was closed in version 4.4.0 of R Core, and it’s recommended to upgrade. The exploit could compromise the software supply chain and trigger a hidden payload even just by opening the …

R Programming Bug Exposes Orgs to Vast Supply Chain Risk

April 29, 2024 at 05:15PM A high-severity vulnerability (CVE-2024-27322) in the R programming language’s deserialization process poses a threat to organizations using the language. Attackers could execute arbitrary code through specially crafted RDS files or packages, affecting sectors such as finance, healthcare, and AI. The issue has been addressed in R version 4.4.0, but organizations are …

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

April 29, 2024 at 10:00AM A security vulnerability, CVE-2024-27322, has been discovered in the R programming language, enabling threat actors to execute malicious code via RDS files. This flaw, fixed in version 4.4.0, could lead to supply chain attacks through compromised R packages. AI security firm HiddenLayer reported the issue, emphasizing the importance of updating …