{"vulnerability": "CVE-2024-27322", "sightings": [{"uuid": "51d9ce4b-8969-4190-8000-9dde18afbc3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "https://gist.github.com/Flamefire/a43749529dad66caf601b9e412227c91", "content": "", "creation_timestamp": "2026-04-02T11:34:42.000000Z"}, {"uuid": "6710cc84-6964-44d8-b812-567bcbafeeb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "Telegram/Vh21V_QQiKaYHBSNCqAhu5qgtDKtIWeNOuHHVDb98prtPA", "content": "", "creation_timestamp": "2024-04-29T19:47:35.000000Z"}, {"uuid": "8159e12b-7c8e-49b6-bb14-2888dcbb191b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/6559", "content": "The Hacker News\nNew R Programming Vulnerability Exposes Projects to Supply Chain Attacks\n\nA security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.\nThe flaw, assigned the CVE identifier CVE-2024-27322, \"involves the use of promise objects and lazy evaluation in R,\" AI application security", "creation_timestamp": "2024-04-29T19:47:35.000000Z"}, {"uuid": "09d23a19-898a-4d07-a736-c2f1484ea808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "https://t.me/thehackernews/4888", "content": "\ud83d\udc68\u200d\ud83d\udcbb\ud83d\udd10 A new security vulnerability (CVE-2024-27322) has been discovered in the R programming language. It could allow attackers to execute arbitrary code through malicious RDS files, exposing your projects to supply chain attacks. \n \nRead: https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html", "creation_timestamp": "2024-04-29T15:18:19.000000Z"}, {"uuid": "da18cd5f-c85c-414f-8e6e-be1806f077a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "https://t.me/information_security_channel/52074", "content": "Vulnerability in R Programming Language Could Fuel Supply Chain Attacks\nhttps://www.securityweek.com/vulnerability-in-r-programming-language-enables-supply-chain-attacks/\n\nA vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.\nThe post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks (https://www.securityweek.com/vulnerability-in-r-programming-language-enables-supply-chain-attacks/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-04-30T18:48:06.000000Z"}, {"uuid": "563a62ae-c64e-46eb-b923-f6ffa9da63e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/1230", "content": "The Hacker News\nNew R Programming Vulnerability Exposes Projects to Supply Chain Attacks\n\nA security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.\nThe flaw, assigned the CVE identifier CVE-2024-27322, \"involves the use of promise objects and lazy evaluation in R,\" AI application security", "creation_timestamp": "2024-04-29T19:47:35.000000Z"}, {"uuid": "af279ae6-fad0-4ef7-b2d5-39aea6b412e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2412", "content": "https://hiddenlayer.com/research/r-bitrary-code-execution/\n\nCVE-2024-27322\n#\u5206\u6790", "creation_timestamp": "2024-05-02T14:28:09.000000Z"}, {"uuid": "f942a773-171d-49a0-8dee-d73fc9f87cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27322", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10433", "content": "#exploit\n1. CVE-2024-27322:\nVulnerability in R'S Deserialization\n(R-Bitrary Code Execution)\nhttps://hiddenlayer.com/research/r-bitrary-code-execution\n\n2. Minecraft \"Randar\" exploit\nhttps://github.com/spawnmason/randar-explanation\n\n3. CVE-2024-26131, CVE-2024-26132:\nElement Android Exploit\nhttps://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers", "creation_timestamp": "2024-05-02T20:34:02.000000Z"}]}