An ACE in the hole for miscreants
The open source R programming language – popular among statisticians and data scientists for performing visualization, machine learning, and suchlike – has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10. The flaw can be exploited by tricking someone into loading a maliciously crafted RDS file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.
The Comprehensive R Archive Network hosts and distributes over 20,000 R packages, and anyone could upload one – including one that has malicious code secretly embedded into it. At the time the HiddenLayer advisory was written, CRAN's automatic scans didn't check packages for a CVE-2024-27322 exploit.
"Like Python's pickle module, the exploitation of this vulnerability depends a lot on the environment of the targeted user but opens a lot of potential attack vectors," HiddenLayer's principal security researcher Kasimir Schulz said. "These could include social engineering a user to download a malicious file, allowing a file write attack to become a code execution attack, or even allowing a remote attack if a service allows for untrusted RDS formatted data to be uploaded."