Vulnerability in R language < 4.4.0

For those of you who don’t already know, a vulnerability was found in the R programming language with regard to reading RDS files in versions of R less than 4.4.0.

Here is some more information about the vulnerability.

R’s official statement: Statement on CVE-2024-27322 - The R Blog

An article from the team who found CVE-2024-27322: HiddenLayer Research | R-bitrary Code Execution

The CVE never really had any implications for HPC usage. Users download arbitrary code through R packages all the time. This really only affected hosted R shiny applications.