Yaml.rb patch to block the rails exploit and most similar classes of exploits (gist.github.com) 17 points by nelhage 13y ago ↗ HN
[–] cdcarter 13y ago ↗ Correct me if I am wrong, but this solves the YAML half of the exploit but not the XML part, right? This is not a complete patch against the exploits? [–] dandandan 13y ago ↗ Not all of them but this prevents most of the YAML strings from being serialized into Ruby objects by way of a 'safe' whitelist.
[–] dandandan 13y ago ↗ Not all of them but this prevents most of the YAML strings from being serialized into Ruby objects by way of a 'safe' whitelist.
2 comments
[ 2.6 ms ] story [ 17.0 ms ] thread