Security News > 2024 > April > New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
2024-04-29 10:50
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security
News URL
https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html
Related news
- Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus (source)
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Australian Police conducted supply chain attack on criminal collaborationware (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)