←back to thread

Helm local code execution via a malicious chart

(github.com)
171 points irke882 | 1 comments | 09 Jul 25 05:49 UTC | HN request time: 0.212s | source
Show context
sugarpimpdorsey ◴[09 Jul 25 06:59 UTC] No.44507048[source]
If we're being honest, YAML is one of the dumbest ideas of the last 20 years to have proliferated. How we got from XML to here I cannot comprehend.

This is not the first RCE involving YAML and it won't be the last.

replies(8): >>44507063 #>>44507118 #>>44507128 #>>44507156 #>>44507406 #>>44507812 #>>44507872 #>>44509145 #
1. tsimionescu ◴[09 Jul 25 07:22 UTC] No.44507156[source]
While YAML has all sorts of issues and disadvantages compared to XML, security is certainly not one of them. XML is a crazy source of security issues by design, especially with the crazy idea of adding built-in support for URLs that parsers are expected to follow.