Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
marwis
on Dec 11, 2021
|
parent
|
context
|
favorite
| on:
Widespread exploitation of critical remote code ex...
Can someone clarify if this template expansion happens only in format string or in the substituted string as well. I.e. is it affecting just code like this:
log.info("foo: " + untrusted)
Or also:
log.info("foo: {}", untrusted) ?
gpm
on Dec 11, 2021
[–]
Both
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: