Ruby taken off the rails by deserialization exploit | The Daily Swig
Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNET
Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming
Deserialization vulnerability
Exploiting Ruby deserialization using a documented gadget chain (Video solution)
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
Lab: Exploiting Ruby deserialization using a documented gadget chain | Insecure deserialization
Identifying and Exploiting Unsafe Deserialization in Ruby | by Plenum | InfoSec Write-ups
Learning More About YAML Deserialization | by Security Lit Limited | InfoSec Write-ups
GitHub - mpgn/Rails-doubletap-RCE: RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
Introduction to Deserialization Attacks Course | HTB Academy
Discovering Deserialization Gadget Chains in Rubyland - Include Security Research Blog
18.4 Lab: Exploiting Ruby deserialization using a documented gadget chain | 2024 | by Karthikeyan Nagaraj | Apr, 2024 | Medium