The open source R programming language has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10. The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.
Source: The Register