Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/09/27 22:51:42 UTC

[GitHub] [airflow] ashb commented on pull request #26735: Allow serialization of custom objects

ashb commented on PR #26735:
URL: https://github.com/apache/airflow/pull/26735#issuecomment-1260153962

   One thought: We need to be careful we don't open up arbitrary object inflation vulnerabilities this way.
   
   (There were security problems in Rails where you could give it some session data and it would treat it as YAML, and due to oddness in the YAML spec, end up creating arbitrary Ruby objects, which was used to pop reverse shells on Rails installs.)


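An added example, not code from the PR or from Airflow: one way to keep custom-object deserialization from inflating arbitrary classes is to resolve class names only through an allowlist instead of importing whatever the payload names. The envelope keys, `RetryPolicy`, `ALLOWED_CLASSES` and both `inflate_*` functions are hypothetical, and the payload is constructed.

```python
import importlib
import json
from dataclasses import dataclass


@dataclass
class RetryPolicy:  # hypothetical custom object an author wants serialized
    retries: int
    delay_seconds: int


# Hypothetical allowlist: the only class paths a payload is allowed to name.
ALLOWED_CLASSES = {f"{__name__}.RetryPolicy": RetryPolicy}


def serialize(obj) -> str:
    cls = type(obj)
    return json.dumps({"__classname__": f"{cls.__module__}.{cls.__qualname__}",
                       "__data__": vars(obj)})


def inflate_unsafe(payload: str):
    """Risky form: the payload chooses which class gets imported and called."""
    doc = json.loads(payload)
    module_name, _, class_name = doc["__classname__"].rpartition(".")
    cls = getattr(importlib.import_module(module_name), class_name)
    return cls(**doc["__data__"])


def inflate_safe(payload: str):
    """Hardened form: look the name up in the allowlist; never import on demand."""
    doc = json.loads(payload)
    name = doc.get("__classname__")
    cls = ALLOWED_CLASSES.get(name) if isinstance(name, str) else None
    if cls is None:
        raise ValueError(f"refusing to inflate non-allowlisted class: {name!r}")
    data = doc.get("__data__")
    if not isinstance(data, dict):
        raise ValueError("__data__ must be a JSON object")
    return cls(**data)


# Constructed payload naming a class the application never meant to expose.
UNEXPECTED = json.dumps({"__classname__": "fractions.Fraction",
                         "__data__": {"numerator": 1, "denominator": 3}})
```

`inflate_unsafe(UNEXPECTED)` returns a `fractions.Fraction` the application never registered, while `inflate_safe(UNEXPECTED)` raises `ValueError` before any import or constructor call happens.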