A critical deserialization flaw has been discovered in the R programming language that could lead to a supply chain hack. The flaw, tracked as CVE-2024-27322, allows attackers to execute malicious code by overwriting the .rdx file associated with an R package.

Deserialization flaw in R language poses a supply chain risk

Despite the release of a patch by the R Foundation, security researchers warn of the potential risks associated with the deserialization vulnerability. The vulnerability affects more than 135,000 R source files, including projects from major companies like R Studio, Facebook, Google, Microsoft, and AWS. Having examined how the flaw exploits the R data serialization process, security experts have emphasized the importance of addressing this critical issue to prevent potential supply chain risks.
https://www.bankinfosecurity.com/critical-flaw-in-r-language-poses-supply-chain-risk-a-25005