
RUG::B

Ruby User Group Berlin

YAML is the new eval

This topic will be presented by Arne Brasseur

at the February Meetup, hosted by Tobias Pfeiffer

It's been a busy month for people with Rails apps. Three zero-day exploits were identified, all related to automatic parameter parsing, the last two based on YAML's object instantiation features.

I'd like to go over what happened, and figure out what lessons to take home from this.