
For those that don't know how this exploit worked, I think the "exploit" gem description provides a pretty good explanation:

   'A Proof-of-Concept PoC gem that exploits a vulnerability in the Psych YAML parser, which allows the #[]= method to be called on arbitrary Objects.
   If the #[]= method later calls eval() with the given arguments, this allows for
   arbitrary execution of code.'
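
A defensive check for the parser behaviour that description refers to, as an added example that is not part of the original comment or of the gem: it lists Ruby-specific tags in a YAML document without building any objects, and loads untrusted input through `Psych.safe_load`. The helper names `ruby_tags` and `load_untrusted`, the two sample documents, and the choice to flag tags beginning with `!ruby/` are assumptions of this example.

```ruby
require "psych"

# Constructed sample input: a mapping carrying a Ruby class tag.
# The class name is a placeholder and does not exist.
TAGGED_DOC = <<~YAML
  --- !ruby/hash:Constructed::Placeholder
  key: value
YAML

# Constructed sample input: plain data with no explicit tags.
PLAIN_DOC = <<~YAML
  name: example
  versions: [1, 2, 3]
YAML

# Walk the parsed node tree (parsing only, nothing is instantiated)
# and collect every explicit tag that starts with "!ruby/".
def ruby_tags(yaml)
  Psych.parse_stream(yaml).each_with_object([]) do |node, found|
    tag = node.respond_to?(:tag) ? node.tag : nil
    found << tag if tag.is_a?(String) && tag.start_with?("!ruby/")
  end
end

# Load untrusted YAML with Psych.safe_load, which only builds core
# types, and report a rejection instead of letting the error escape.
def load_untrusted(yaml)
  [:ok, Psych.safe_load(yaml)]
rescue Psych::DisallowedClass, Psych::BadAlias => e
  [:rejected, e.class.name]
end

if __FILE__ == $PROGRAM_NAME
  [TAGGED_DOC, PLAIN_DOC].each do |doc|
    puts "tags: #{ruby_tags(doc).inspect}  load: #{load_untrusted(doc).inspect}"
  end
end
```
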


