Version 0.9.5.5 is outdated and lacks the security patches found in current releases.
The conclusion by February 2020: . It was a misclassification of the normal behavior of R formula evaluation. Essentially, the researcher had confused R’s formula interface (e.g., y ~ x + group ) with code execution. Later versions of jamovi added explicit warnings when loading non-standard R objects. jamovi 0955 exploit
Modern versions of jamovi have addressed several vulnerabilities, including CVE-2021-28079 , a Cross-Site Scripting (XSS) flaw affecting versions up to 1.6.18. For secure use, always ensure you are running the latest current version and avoid exposing jamovi instances to the public internet without proper authentication. Rj Editor – Analyse your data with R in jamovi Version 0
They notice the version is outdated and explicitly vulnerable to CVE-2021-28079 (though the direct R-code execution is often the easier path). For secure use, always ensure you are running