AZL-42815

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42815.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-42815

Upstream

CVE-2024-27322

Published

2024-04-29T13:15:30Z

Modified

2026-04-21T04:30:45.593261Z

Summary

CVE-2024-27322 affecting package R for versions less than 4.1.0-5

Details

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27322

Affected packages

Azure Linux:2 / R

Package

Name: R
Purl: pkg:rpm/azure-linux/R

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.0-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42815.json"