YAML automatic code execution. Previously you had to send something to rails and... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tomjen3 on Jan 31, 2013 \| parent \| context \| favorite \| on: What The Rails Security Issue Means For Your Start... YAML automatic code execution. Previously you had to send something to rails and find a way to cause rails to execute that. Not so easy. Now? You just have to send some YAML to rails.

raganwald on Jan 31, 2013 [–]

Or JSON. If I understand one of the vulnerabilities properly, the JSON parser in some versions of Rail srelies on the YAML parser.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact