"New R Programming Vulnerability Exposes Projects to Supply Chain Attacks"

A threat actor could exploit a security flaw in the R programming language to create a malicious R Data Serialization (RDS) file that results in code execution when the file is loaded and referenced. RDS is a format for serializing and storing the state of data structures or objects in R, an open-source programming language used in statistical computing, data visualization, and machine learning (ML). According to the Artificial Intelligence (AI) application security company HiddenLayer, the vulnerability involves the use of promise objects and lazy evaluation in R. It could lead to arbitrary code execution when deserializing untrusted data, exposing users to supply chain attacks via specially crafted R packages. This article continues to discuss the potential exploitation and impact of a security vulnerability in the R programming language.

THN reports "New R Programming Vulnerability Exposes Projects to Supply Chain Attacks"

Submitted by grigby1
