by benmmurphy
4904 days ago
This vulnerability is also present in other Ruby libraries. I would advise anyone to do bundle install --deployment in their development environment then 'grep -r "YAML::load"' and 'grep -r "YAML.load"' in the vendor/bundle directory. If you have YAML::load(user_controlled_value) or YAML.load(user_controlled_value) then you might be vulnerable to remote code execution. There are some other Ruby libraries that are vulnerable to this attack but I don't want to post about them until their authors have fixed them.
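The audit described in the comment above, as an added shell example that is not part of the original post: one pass that matches both `YAML.load` and `YAML::load` (and the `load_file` / `load_stream` / `load_documents` variants), skips comment-only lines, and summarises hits per gem. The function names are hypothetical, and the per-gem summary assumes the usual `.../gems/<name-version>/` layout under `vendor/bundle`.

```shell
#!/bin/sh
# Added example: list YAML load call sites in a vendored bundle so each one
# can be reviewed for user-controlled input. Function names are hypothetical.

# Matches YAML.load / YAML::load and the load_file, load_stream and
# load_documents variants. YAML.safe_load does not match this pattern.
YAML_LOAD_RE='YAML(\.|::)load(_file|_stream|_documents)?([^_[:alnum:]]|$)'

# $1 = directory to scan, e.g. vendor/bundle after `bundle install --deployment`.
# Prints "path:line:code" for every call site found in *.rb files.
find_yaml_loads() {
    grep -rnE --include='*.rb' "$YAML_LOAD_RE" "$1" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' |   # drop comment-only lines
        sort
}

# Number of call sites under $1.
count_yaml_loads() {
    find_yaml_loads "$1" | wc -l | tr -d ' '
}

# Prints "<gem-version> <hits>" per gem, assuming paths of the form
# .../gems/<gem-version>/... (assumption about the bundle layout).
yaml_loads_by_gem() {
    find_yaml_loads "$1" |
        sed -nE 's#^[^:]*/gems/([^/:]+)/.*$#\1#p' |
        sort | uniq -c | awk '{print $2 " " $1}'
}

# Run against vendor/bundle by default when executed directly with an argument.
if [ -n "$1" ] && [ -d "$1" ]; then
    find_yaml_loads "$1"
    echo "--- call sites per gem ---"
    yaml_loads_by_gem "$1"
fi
```

Each reported line still needs a manual read to decide whether the argument can be influenced by a user; the script only narrows down where to look.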