YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly: a parser that instantiates whatever type a document’s tags name hands code execution to whoever wrote the document. Deserializing arbitrary types is user-controlled, arbitrary code execution.
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]
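The following Ruby example is added here to illustrate the point above; it is not code from the original post. It shows the Ruby side of the problem (the same behaviour the post says is not Ruby-specific): a tagged document makes the unsafe loader instantiate a class the parser was never told about, while `safe_load` refuses unless the class is explicitly permitted. The `Marker` class and both YAML documents are constructed for the example; the `jasmine.yml`-style fields are only a stand-in for real config input.

```ruby
require 'yaml'

# Constructed sample input (not from the original page): the kind of
# plain configuration a tool actually expects to read.
BENIGN_DOC = <<~YAML
  spec_dir: spec
  src_files:
    - src/**/*.js
YAML

# Constructed hostile input: the document, not the application, names
# the Ruby class to build. Psych allocates that class and sets instance
# variables from the mapping keys, so the author of the file decides
# what object graph exists in your process.
TAGGED_DOC = <<~YAML
  --- !ruby/object:Marker
  note: instantiated by the parser
YAML

# A harmless stand-in for whatever class an attacker would really pick.
class Marker
  attr_accessor :note
end

# Unsafe path: YAML.unsafe_load on Psych >= 3.1, plain YAML.load on
# older versions where load itself was the unsafe entry point.
def load_unsafely(text)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(text)
  else
    YAML.load(text)
  end
end

# Safe path: only scalars, arrays and hashes; any other tag is rejected.
def load_safely(text)
  YAML.safe_load(text)
end

# True when the safe loader rejects the document because of its tag.
def safe_load_rejects?(text)
  YAML.safe_load(text)
  false
rescue Psych::DisallowedClass
  true
end

# Explicit allow-list: the application, not the document, decides which
# classes may be revived (permitted_classes needs Psych >= 3.1).
def load_with_allowlist(text, classes)
  YAML.safe_load(text, permitted_classes: classes)
end

if __FILE__ == $PROGRAM_NAME
  p load_safely(BENIGN_DOC)
  p load_unsafely(TAGGED_DOC)
  p safe_load_rejects?(TAGGED_DOC)
  p load_with_allowlist(TAGGED_DOC, [Marker]).note
end
```

The check to carry over to any other language is the same: find out whether the parser you picked honours type tags by default, and if it does, either turn that off or feed it only an explicit allow-list of types.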