Safe YAML #777
With the recent Rails vulnerabilities it became clear that loading untrusted YAML can be dangerous. YAML provides syntax for (un)marshalling Ruby objects. If an attacker can control YAML that will be parsed by a server, he can force that server to instantiate arbitrary Ruby objects. This can be leveraged to accomplish arbitrary code execution.
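The risk described above, seen from the defensive side, as an added example that is not code from this pull request: it lists application-specific (`!...`) tags by walking the parsed node tree without building any objects, then loads only untagged input through `Psych.safe_load`. The helper names, the `ExampleSettings` class name and the sample documents are constructed for illustration.

```ruby
require "psych"

# Constructed sample inputs (not taken from the pull request).
PLAIN_DOC  = "name: example\nport: 4567\n"
TAGGED_DOC = "--- !ruby/object:ExampleSettings\nport: 4567\nitems:\n  - !ruby/sym admin\n"

# Collect every local ("!...") tag in the document. Psych.parse_stream only
# builds parser nodes; no Ruby object named by a tag is instantiated here.
def local_tags(source)
  Psych.parse_stream(source).each_with_object([]) do |node, found|
    tag = node.respond_to?(:tag) ? node.tag : nil
    found << tag if tag && tag.start_with?("!")
  end
end

# Load untrusted YAML: reject tagged input up front, then rely on
# safe_load's default allowlist (plain scalars, arrays, hashes) as a
# second layer. Malformed input and aliases are rejected as well.
def load_untrusted(source)
  tags = local_tags(source)
  return [:rejected, tags] unless tags.empty?
  [:ok, Psych.safe_load(source)]
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  [:rejected, [e.class.name]]
end

# True when safe_load on its own refuses the document because a tag
# names a class outside the allowlist.
def safe_load_refuses?(source)
  Psych.safe_load(source)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  p load_untrusted(PLAIN_DOC)
  p load_untrusted(TAGGED_DOC)
  p safe_load_refuses?(TAGGED_DOC)
end
```
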