AZL-42815 CVE-2024-27322 affecting package R for versions less than 4.1.0-5

🗓️ 29 Apr 2024 13:15:30Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

R 1.4.0 to before 4.4.0 deserializes untrusted data via RDS or packages, enabling code execution.

Reporter	Title	Published	Views	Family All 44
FreeBSD	R -- arbitrary code execution vulnerability	29 Apr 202400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)	27 Jun 202422:33	–	ibm
Tenable Nessus	Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)	10 Jun 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : R (ALASR3.4-2024-001)	12 Jul 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : R (ALAS-2024-1940)	24 Jun 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: R (CVE-2024-27322)	10 Feb 202500:00	–	nessus
Tenable Nessus	Fedora 39 : R (2024-07b7b83a4f)	9 May 202400:00	–	nessus
Tenable Nessus	Fedora 38 : R (2024-bc590cb3f1)	9 May 202400:00	–	nessus
Tenable Nessus	FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)	2 May 202400:00	–	nessus
Tenable Nessus	GLSA-202412-01 : R: Arbitrary Code Execution	9 Dec 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-27322

21 Apr 2026 04:30Current

7.3High risk

Vulners AI Score7.3

CVSS 3.18.8

EPSS0.04526

SSVC

deserialization vulnerability untrusted data R data serialization arbitrary code execution