Nothing too major about how it’s usually used, but the yaml spec does allow arbitrary code execution when parsing a file and relies on the parser to have that feature disabled: https://en.m.wikipedia.org/wiki/YAML#Security
That’s why for python, yaml.save_load() is a thing. That’s fine for your local config files and may even be a feature for you, but it shouldn’t be used to exchange information between services.
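An added example, not written by either commenter, showing the distinction on a constructed document; it assumes PyYAML is installed and that the loader for input from another service is the safe one:

```python
import yaml

# Constructed sample: a harmless-looking config that carries a Python-specific
# tag. With an unrestricted loader the tag is honoured and the parser builds a
# Python object; with the safe loader it is rejected before construction.
UNTRUSTED_DOC = "name: demo\nports: !!python/tuple [80, 443]\n"
PLAIN_DOC = "name: demo\nports: [80, 443]\n"


def load_from_peer(text):
    """Parse YAML received from another service.

    Only the core YAML types (maps, lists, scalars) are constructed. Any
    document that needs a language-specific constructor is refused and the
    parser's reason is returned so it can be logged.
    Returns (data, None) on success or (None, reason) on rejection.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as err:  # ConstructorError is a subclass
        return None, str(err)


def load_unrestricted(text):
    """What the spec permits: the parser constructs whatever the tags name.
    Shown only to make the contrast visible; never use this on peer input."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


if __name__ == "__main__":
    print(load_from_peer(PLAIN_DOC))        # ({'name': 'demo', 'ports': [80, 443]}, None)
    print(load_from_peer(UNTRUSTED_DOC))    # (None, "could not determine a constructor for the tag ...python/tuple...")
    print(load_unrestricted(UNTRUSTED_DOC)) # {'name': 'demo', 'ports': (80, 443)}
```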
nit: you mean yaml.safe_load().