by alanh 3724 days ago
I believe it has even created security issues. Didn’t Rails have at least one YAML-based vuln?
1 comments

You need to restrict YAML to SecureLoad, by manually adding allowed types and classes.

At least Perl doesn't support this, so it's inherently insecure there, but you can always use YAML::Syck which didn't go this way.
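
One way to do the allowlisting described in the comment above, using `YAML.safe_load` from Ruby's Psych with its `permitted_classes:` option. This is an added example, not part of the thread; the `load_untrusted` helper, the `Account` class and the sample documents are constructed for illustration.

```ruby
require "yaml"
require "date"

# Hypothetical application class that a YAML tag could try to instantiate.
class Account
  attr_accessor :admin
end

# Constructed sample documents (not taken from the thread).
PLAIN_DOC  = "name: widget\ncount: 3\n"
DATE_DOC   = "released: 2013-01-08\n"
OBJECT_DOC = "--- !ruby/object:Account\nadmin: true\n"

# Parse untrusted YAML. Only core scalar/collection types are built unless a
# class is named explicitly in `allowed`. Anything else is rejected instead
# of being instantiated.
def load_untrusted(text, allowed: [])
  YAML.safe_load(text, permitted_classes: allowed)
rescue Psych::DisallowedClass => e
  { error: e.class.name }
end

if __FILE__ == $0
  p load_untrusted(PLAIN_DOC)                      # plain hash, no allowlist needed
  p load_untrusted(DATE_DOC)                       # Date is not allowed by default
  p load_untrusted(DATE_DOC, allowed: [Date])      # Date allowed explicitly
  p load_untrusted(OBJECT_DOC)                     # object tag rejected
  p load_untrusted(OBJECT_DOC, allowed: [Account]) # only when the caller opts in
end
```

Keeping the allowlist per call site, rather than global, means a parser that only needs dates never gains the ability to build application objects.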