{"id":"CVE-2020-27637","details":"The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD INSTALL CLI command or the install.packages() function from the interpreter. Update to R version 4.0.3.","modified":"2026-03-14T10:07:01.466716Z","published":"2021-01-12T04:15:13Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-07"},{"type":"ADVISORY","url":"https://www.r-project.org/foundation/"},{"type":"EVIDENCE","url":"https://labs.bishopfox.com/advisories/cran-version-4.0.2"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27637.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}