Arne Brasseur wants to give this talk

YAML is the new eval

It's been a busy month for people with Rails apps. Three zero-day exploits were identified, all related to automatic parameter parsing, the last two based on YAML's object instantiation features.

I'd like to go over what happened, and figure out what lessons to take home from this.