RoR YAML Injection
Variants:
Direct
Also Known As:
RoR Code Execution, Ruby On Rails Code Execution
Vector Type:
Attack
Relevance:
Technology Version Specific
Layer:
Application-Level
Platforms:
Ruby
Target Type:
Web Application
Affected Mechanisms:
Input Validation, Syntax Escaping
Invented In:
13/01/2013
Added In:
08/12/2014
Vector Operation Method:
Malicious inputs can affect the structure of server-side Ruby code which is generated dynamically
