An ACE in the hole for miscreants
The open source R programming language – popular among statisticians and data scientists for performing visualization, machine learning, and suchlike – has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10. The flaw can be exploited by tricking someone into loading a maliciously crafted RDS file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.
The Comprehensive R Archive Network hosts and distributes over 20,000 R packages, and anyone could upload one – including one that has malicious code secretly embedded into it. At the time the HiddenLayer advisory was written, CRAN's automatic scans didn't check packages for a CVE-2024-27322 exploit.
"Like Python's pickle module, the exploitation of this vulnerability depends a lot on the environment of the targeted user but opens a lot of potential attack vectors," HiddenLayer's principal security researcher Kasimir Schulz said. "These could include social engineering a user to download a malicious file, allowing a file write attack to become a code execution attack, or even allowing a remote attack if a service allows for untrusted RDS formatted data to be uploaded."