ashb commented on PR #26735: URL: https://github.com/apache/airflow/pull/26735#issuecomment-1260153962
One thought: We need to be careful we don't open up arbitrary object inflation vulnerabilities this way. (There were security problems in Rails where you could give it some session data and it would treat it as YAML, and due to oddness in the YAML spec, end up creating arbitrary Ruby objects which was used to pop reverse shells on Rails installs.)
