Hacker News new | ask | show | jobs
by kawsper 4893 days ago
Only seems to be working for servers not running 1.8.7.

Our old app runs 1.8.7, is there a POC out for that?
2 comments
postmodern_mod3 4893 days ago
@benmmurphy seems to be the only one who knows how to get RCE via Syck (1.8.x YAML parser). https://twitter.com/benmmurphy/status/296025302986014720
link
rmc 4891 days ago
Doesn't matter, upgrade.

They won't always tell you if they have an exploit.

link