CVE-2024-52338CRITICALCVSS 9.8≥ 4.0.0, ≤ 16.1.02024-11-28
CVE-2024-52338 [CRITICAL] CWE-502 CVE-2024-52338: Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it
reads Arrow IPC, Feather or Parquet data from untrusted sources (for
example, user-supplied input files). This vulnerability only affects the arrow R package, no
cvelistv5nvd