Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming
Insecure Deserialization: Lab #7 - Exploiting Ruby deserialization using a documented gadget chain
Deserialization in Java and How Attackers Exploit It
Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNET
Ruby Vulnerabilities: Exploiting Open, Send, and… | Bishop Fox
Exploring de-serialization issues in Ruby projects.
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
18.4 Lab: Exploiting Ruby deserialization using a documented gadget chain | 2024 | by Karthikeyan Nagaraj | Apr, 2024 | Medium
GitHub - mpgn/Rails-doubletap-RCE: RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
Insecure Deserialization: Lab #7 - Exploiting Ruby deserialization using a documented gadget chain - YouTube
Introduction to Deserialization Attacks Course | HTB Academy
GitHub - klezVirus/deser-ruby: Ruby Deserialization Payload Generator
Exploiting Node.js deserialization bug for Remote Code Execution | OpSecX
🔎Exploring de-serialization issues in Ruby projects.
Insecure deserialization | Web Security Academy
Insecure Deserialization: It's super hard! Or is it? | by Thexssrat | InfoSec Write-ups
Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNET
RubyGems Patches Remote Code Execution Vulnerability | Threatpost
Ruby – Insecure Deserialization – YAML (Privilege Escalation – Code Execution) | VK9 Security
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
Data Deserialization
PortSwigger-Lab: Exploiting Ruby deserialization using a documented gadget chain
Insecure De-serialization. Serialization is the process of… | by Jay Wandery | Medium
