Hacker News new | ask | show | jobs
by tomjen3 4884 days ago
YAML automatic code execution.

Previously you had to send something to rails and find a way to cause rails to execute that. Not so easy.

Now? You just have to send some YAML to rails.
1 comments
raganwald 4884 days ago
Or JSON. If I understand one of the vulnerabilities properly, the JSON parser in some versions of Rail srelies on the YAML parser.
link