leastfixedpoint
~tonyg
Projects
Blog
Contact
Archived tweet #9227 from the
@leastfixedpoint Twitter Archive
@SeanTAllen Also, uh, well: "YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution."
community.embarcadero.com/blogs/entry/ya…
