Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
References
Configurations
No configuration.
History
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
29 Apr 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-29 13:15
Updated : 2024-06-10 18:15
NVD link : CVE-2024-27322
Mitre link : CVE-2024-27322
CVE.ORG link : CVE-2024-27322
JSON object : View
Products Affected
No product.
CWE
CWE-502
Deserialization of Untrusted Data