Open source programming language R patches critical arbitrary code exec flaw

April 30, 2024 at 09:07PM The open source R programming language has fixed a critical vulnerability, CVE-2024-27322, that could allow arbitrary code execution. The flaw was closed in version 4.4.0 of R Core, and upgrading is recommended. The exploit could compromise the software supply chain and trigger a hidden payload even just by opening the …

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

April 30, 2024 at 10:16AM AI security firm HiddenLayer warns that a vulnerability in the R programming language implementation (CVE-2024-27322, CVSS score 8.8) can be exploited by loading a malicious RDS file, allowing arbitrary code execution. This poses a risk of supply chain attacks, particularly within the R community. Patches for this vulnerability have been …

R Programming Bug Exposes Orgs to Vast Supply Chain Risk

April 29, 2024 at 05:15PM A high-severity vulnerability (CVE-2024-27322) in the R programming language’s deserialization process poses a threat to organizations using the language. Attackers could execute arbitrary code through specially crafted RDS files or packages, affecting sectors such as finance, healthcare, and AI. The issue has been addressed in R version 4.4.0, but organizations are …