{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27322", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "state": "PUBLISHED", "assignerShortName": "HiddenLayer", "dateReserved": "2024-02-23T16:59:23.011Z", "datePublished": "2024-04-29T13:02:37.062Z", "dateUpdated": "2025-02-13T17:46:26.987Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "R", "vendor": "The R Project", "versions": [{"lessThan": "4.4.0", "status": "affected", "version": "1.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with.</span><br>"}], "value": "Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-06-10T16:11:27.496Z"}, "references": [{"url": "https://hiddenlayer.com/research/r-bitrary-code-execution/"}, {"url": "https://https://kb.cert.org/vuls/id/238194"}, {"url": "https://www.kb.cert.org/vuls/id/238194"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/29/3"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27322", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T20:54:11.018338Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:r_project:r:1.4.0:*:*:*:*:*:*:*"], "vendor": "r_project", "product": "r", "versions": [{"status": "affected", "version": "1.4.0", "lessThan": "4.4.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:47:05.511Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:50.976Z"}, "title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/research/r-bitrary-code-execution/", "tags": ["x_transferred"]}, {"url": "https://https://kb.cert.org/vuls/id/238194", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/238194", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/29/3", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/research/r-bitrary-code-execution/", "tags": ["x_transferred"]}, {"url": "https://https://kb.cert.org/vuls/id/238194", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/238194", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/29/3", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:50.976Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27322", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T20:54:11.018338Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:r_project:r:1.4.0:*:*:*:*:*:*:*"], "vendor": "r_project", "product": "r", "versions": [{"status": "affected", "version": "1.4.0", "lessThan": "4.4.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T13:37:42.561Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The R Project", "product": "R", "versions": [{"status": "affected", "version": "1.4.0", "lessThan": "4.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hiddenlayer.com/research/r-bitrary-code-execution/"}, {"url": "https://https://kb.cert.org/vuls/id/238194"}, {"url": "https://www.kb.cert.org/vuls/id/238194"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/29/3"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-06-10T16:11:27.496Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27322", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:46:26.987Z", "dateReserved": "2024-02-23T16:59:23.011Z", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "datePublished": "2024-04-29T13:02:37.062Z", "assignerShortName": "HiddenLayer"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with."}, {"lang": "es", "value": "La deserializaci\u00f3n de datos que no son de confianza puede ocurrir en el lenguaje de programaci\u00f3n estad\u00edstica R, en cualquier versi\u00f3n desde 1.4.0 hasta 4.4.0 incluida, lo que permite que un archivo con formato RDS (R Data Serialization) creado con fines malintencionados o un paquete R ejecute c\u00f3digo arbitrario en el sistema de un usuario final cuando se interact\u00faa con \u00e9l."}], "id": "CVE-2024-27322", "lastModified": "2025-02-13T18:17:30.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}]}, "published": "2024-04-29T13:15:30.413", "references": [{"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "http://www.openwall.com/lists/oss-security/2024/04/29/3"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://hiddenlayer.com/research/r-bitrary-code-execution/"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://https://kb.cert.org/vuls/id/238194"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://www.kb.cert.org/vuls/id/238194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/04/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hiddenlayer.com/research/r-bitrary-code-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://https://kb.cert.org/vuls/id/238194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/238194"}], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}]}

{}