R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rd
Posted: Mon Feb 03, 2025 10:12 am
A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS or .rdx formatted files to execute arbitrary commands on the victim's target device.
https://www.kb.cert.org/vuls/id/238194
https://www.kb.cert.org/vuls/id/238194