Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
References
Configurations
No configuration.
History
21 Nov 2024, 09:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/04/29/3 - | |
References | () https://hiddenlayer.com/research/r-bitrary-code-execution/ - | |
References | () https://https://kb.cert.org/vuls/id/238194 - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/ - | |
References | () https://www.kb.cert.org/vuls/id/238194 - |
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
29 Apr 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-29 13:15
Updated : 2024-11-21 09:04
NVD link : CVE-2024-27322
Mitre link : CVE-2024-27322
CVE.ORG link : CVE-2024-27322
JSON object : View
Products Affected
No product.
CWE
CWE-502
Deserialization of Untrusted Data