A security issue with R serialization

[This article was first published on R / Notes, and kindly contributed to R-bloggers].

A security issue has been found in how the R language serializes objects, and it has since been patched.

The security issue is documented under CVE-2024-27322. It affects the serialization functions that were advertised in an earlier note.

The R Core Team recently reported that the issue has been fixed as of R 4.4.0, and that ‘any attack vector associated with it has been removed.’

This episode is a reminder that R is a programming language and that, as such, it raises the same security concerns as any other programming language.

Slightly over a decade ago, these concerns led Jeroen Ooms to develop the RAppArmor package, in order to enable users to restrict the execution environment of R through dynamic sandboxing.
