|
|
|
|
|
|
by patio11
4891 days ago
|
|
|
Go on a Rails security safari, armed with the knowledge that any YAML parsing is victory, and pay very careful attention to code paths involving Rails/Rack route/parameter processing, especially anything which smells of magic. To clarify: I haven't actually done the work yet. I'm actually going on a Rails security safari later, though not particularly looking to widen this/these vulnerabilities. I figure I've gotten enough out of the community over the years to contribute part of a workweek and get one more hole plugged. |
|
|