Open source programming language R patches critical arbitrary code exec flaw

April 30, 2024 at 09:07PM The open source R programming language has fixed a critical vulnerability, CVE-2024-27322, that could allow arbitrary code execution. The flaw was closed in version 4.4.0 of R Core, and upgrading is recommended. The exploit could compromise the software supply chain and trigger a hidden payload even just by opening the …

R language flaw allows code execution via RDS/RDX files

April 30, 2024 at 02:53PM A newly discovered vulnerability in the R programming language (CVE-2024-27322) allows arbitrary code execution through specially crafted RDS and RDX files. This poses a significant threat due to R's extensive use in critical sectors. Updating to R Core v4.4.0 is recommended as mitigation; that version restricts promise usage in serialization to prevent …

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

April 30, 2024 at 10:16AM AI security firm HiddenLayer warns that a vulnerability in the R programming language implementation (CVE-2024-27322, CVSS score 8.8) can be exploited by loading a malicious RDS file, allowing arbitrary code execution. This poses a risk of supply chain attacks, particularly within the R community. Patches for this vulnerability have been …

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

April 29, 2024 at 10:00AM A security vulnerability, CVE-2024-27322, has been discovered in the R programming language, enabling threat actors to execute malicious code via RDS files. This flaw, fixed in version 4.4.0, could lead to supply chain attacks through compromised R packages. AI security firm HiddenLayer reported the issue, emphasizing the importance of updating …