by kayodelycaon 301 days ago
I thought Marshal and non-safe YAML are fundamentally unsafe. You’re allowing input to instantiate arbitrary objects. It’s relatively easy to find an exploitable class.

Python’s pickle function is equivalent and has a warning about this.
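
The difference the comment describes, shown as an added Ruby example that is not part of the original comment: an unrestricted YAML or Marshal load lets the input name the class to build, while `YAML.safe_load` refuses the object tag. `AuditProbe`, the helper names and both documents are hypothetical and constructed for illustration.

```ruby
require "yaml"
require "json"

# Hypothetical, harmless stand-in for a class already loaded in the process.
class AuditProbe
  attr_reader :note

  def initialize(note = nil)
    @note = note
  end
end

# Constructed inputs: one document carries a Ruby object tag, one is plain data.
TAGGED_DOC = "--- !ruby/object:AuditProbe\nnote: built from input\n"
PLAIN_DOC  = "---\nname: example\nretries: 3\n"

# Unrestricted load: the tag in the document decides which class is built.
# Psych 4 made YAML.load safe by default, so unsafe_load is used when present.
def load_unrestricted(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Restricted load: only basic types are permitted; an object tag is refused.
# The exception is returned so the caller can log or count the rejection.
def load_restricted(doc)
  YAML.safe_load(doc)
rescue Psych::DisallowedClass => e
  e
end

# Marshal has the same property: the byte stream names the class to rebuild.
def marshal_roundtrip(obj)
  Marshal.load(Marshal.dump(obj))
end

# Data-only alternative for untrusted input: JSON.parse yields plain
# hashes, arrays, strings and numbers.
def parse_data_only(text)
  JSON.parse(text)
end

if __FILE__ == $PROGRAM_NAME
  puts load_unrestricted(TAGGED_DOC).class
  puts load_restricted(TAGGED_DOC).class
  puts load_restricted(PLAIN_DOC).inspect
  puts parse_data_only('{"name":"example","retries":3}').inspect
end
```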