YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution.
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]