Programming language R patched for critical ACE vuln
Briefly

The vulnerability CVE-2024-27322 in R allows arbitrary code execution via malicious RDS files or packages. It affects deserialization and can lead to data exposure or deletion.
The exploit's complexity lies in its use of promise objects and lazy evaluation in R. Attackers could compromise the software supply chain by injecting malicious code into R packages on CRAN.
HiddenLayer provided proof-of-concept code demonstrating the vulnerability in R, which shows the potential for attacks more harmful than simply printing text upon deserialization.
Read at The Register