Jonathan Leitschuh
@jlleitschuh.bsky.social
First Dan Kaminsky Fellow | Security Researcher for the OSS Ecosystem | Speaker | Dropper of 0days (Responsibly) | @GitHub Star ⭐️ | Opinions=Mine | He/Him
🐍 How does a “Won’t Fix” CVE become a 160-comment thread… and a 5-year-old RCE that finally gets fixed?
It involved deserialization bugs, real payloads, and a phone call from the beach.
The full story of SnakeYAML 2.0 and secure-by-default APIs 👇
🔗 infosecwriteups.com/%EF%B8%8F-in...
It involved deserialization bugs, real payloads, and a phone call from the beach.
The full story of SnakeYAML 2.0 and secure-by-default APIs 👇
🔗 infosecwriteups.com/%EF%B8%8F-in...
June 5, 2025 at 3:24 PM
🐍 How does a “Won’t Fix” CVE become a 160-comment thread… and a 5-year-old RCE that finally gets fixed?
It involved deserialization bugs, real payloads, and a phone call from the beach.
The full story of SnakeYAML 2.0 and secure-by-default APIs 👇
🔗 infosecwriteups.com/%EF%B8%8F-in...
It involved deserialization bugs, real payloads, and a phone call from the beach.
The full story of SnakeYAML 2.0 and secure-by-default APIs 👇
🔗 infosecwriteups.com/%EF%B8%8F-in...