by rykov 4876 days ago
Rather than creating new methods for a class, YAML.load can be used to call one of a few specific methods ([]=, init_with, or yaml_initialize) for the specified class. This exploit found a class where string arguments to the []= method are inserted into an eval() block, thus becoming code.

A few more details here: http://blog.gemfury.com/post/42259456238/rubygems-vulnerabil...
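
The mechanism described in the comment above, as an added Ruby example that is not part of the original comment or of any project's code: a tag in the document picks the class, and the parser then calls `[]=` or `init_with` on it, while `YAML.safe_load` refuses the tag. `RecordingHash`, `Probe` and both sample documents are constructed, harmless stand-ins.

```ruby
require 'yaml'

CALLS = [] # log of methods the parser invoked on our classes

# Hypothetical stand-ins for application classes; they only record calls.
class RecordingHash < Hash
  def []=(key, value)
    CALLS << [:[]=, key, value]
    super
  end
end

class Probe
  def init_with(coder)
    CALLS << [:init_with, coder.map]
  end
end

# Constructed sample documents; the tag names the class to instantiate.
HASH_DOC   = "--- !ruby/hash:RecordingHash\ngreeting: hello\n"
OBJECT_DOC = "--- !ruby/object:Probe\nname: example\n"

# Psych 4 made YAML.load safe by default; unsafe_load keeps the old behaviour.
def legacy_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Which methods did the documents cause the parser to call?
def calls_made_by_legacy_load
  CALLS.clear
  legacy_load(HASH_DOC)
  legacy_load(OBJECT_DOC)
  CALLS.dup
end

# safe_load rejects tags naming classes outside its allow-list,
# before any method of that class runs.
def safe_load_result(doc)
  CALLS.clear
  YAML.safe_load(doc)
  :loaded
rescue Psych::DisallowedClass
  CALLS.empty? ? :rejected : :rejected_after_call
end
```

Parsing untrusted YAML with `YAML.safe_load` (and an explicit list of permitted classes where objects are needed) keeps document content from choosing which class methods run.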