It more looks like this was a natural extension of (part of) the Rails vulnerabilities. People saw that YAML on Ruby has a giant gaping security hole in it and was commonly used to decode user-supplied data.
I would not be surprised if we see even more of this as people feel out all of the other places that YAML is used as a user-facing data interchange format.
I would not be surprised if we see even more of this as people feel out all of the other places that YAML is used as a user-facing data interchange format.