google / cyanobyte

Machine-readable datasheets
https://cyanobyte.dev
Apache License 2.0
79 stars 31 forks

Replace yaml.load with yaml.safe_load #276

Closed Fleker closed 1 year ago

Fleker commented 1 year ago

A specific kind of YAML file with the text

!!python/object/apply:os.system ["touch /tmp/vulnerable.txt"]

may cause the underlying command to be executed, which is not intended. This change loads the YAML file in a safer, non-executable way.
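To show the behaviour the PR description relies on, here is an added example (not cyanobyte's own code) that loads a datasheet-style document with `yaml.safe_load` only and turns a rejected tag into an ordinary `ValueError`. It assumes PyYAML is installed and that a datasheet is a plain mapping of scalars, lists and dicts, which is exactly what `SafeLoader` is willing to construct; the two sample documents are constructed for this example.

```python
"""Why yaml.safe_load is the right loader for untrusted YAML input.

Added example, not part of the cyanobyte project. Assumes PyYAML is
installed. SafeLoader only constructs standard YAML types, so any
'!!python/...' tag raises instead of being turned into a Python call.
"""
import yaml

# Constructed sample: a harmless datasheet-like document.
BENIGN_DOC = """\
info:
  title: Example Sensor
  package: example
registers:
  STATUS:
    address: 0x00
    length: 8
"""

# Constructed sample using the tag quoted in the PR description.
# safe_load refuses to construct it, so nothing in the list is executed.
TAGGED_DOC = '!!python/object/apply:os.system ["touch /tmp/vulnerable.txt"]\n'


def load_datasheet(text: str) -> dict:
    """Parse YAML with safe_load and require a top-level mapping.

    Any tag SafeLoader does not know (including every python/* tag) surfaces
    as yaml.YAMLError here; we convert it to a ValueError so callers get one
    error type for 'this file is not an acceptable datasheet'.
    """
    try:
        doc = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ValueError(f"refusing YAML with unsupported content: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("datasheet must be a YAML mapping at the top level")
    return doc


def classify(text: str) -> str:
    """Report 'ok' or 'rejected' for a document without raising."""
    try:
        load_datasheet(text)
        return "ok"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    print("benign:", classify(BENIGN_DOC))   # ok
    print("tagged:", classify(TAGGED_DOC))   # rejected
```

`yaml.safe_load(text)` is shorthand for `yaml.load(text, Loader=yaml.SafeLoader)`; since PyYAML 6.0 `yaml.load` requires an explicit `Loader` argument, so the replacement in this PR also removes the deprecation warning older versions emitted for a bare `yaml.load(f)`.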