Arne Brasseur wants to give this talk
YAML is the new eval
It's been a busy month for people with Rails apps. Three zero-day exploits were identified, all related to automatic parameter parsing, the last two based on YAML's object instantiation features.
I'd like to go over what happened, and figure out what lessons to take home from this.