![Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming](https://i.imgur.com/e5Ew5lI.png)
Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming
![Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization](https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968132448-5ZBVEPZYKHGFP1YR9XMR/Screen1.png)
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
![Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization](https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968731796-ALQRJIJIKCE6QTTNUXJT/PoC.png)
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
![18.4 Lab: Exploiting Ruby deserialization using a documented gadget chain | 2024 | by Karthikeyan Nagaraj | Apr, 2024 | Medium 18.4 Lab: Exploiting Ruby deserialization using a documented gadget chain | 2024 | by Karthikeyan Nagaraj | Apr, 2024 | Medium](https://miro.medium.com/v2/resize:fit:1358/1*-oFedKcKq0Nkfu7JZCDS_Q.png)
18.4 Lab: Exploiting Ruby deserialization using a documented gadget chain | 2024 | by Karthikeyan Nagaraj | Apr, 2024 | Medium
GitHub - mpgn/Rails-doubletap-RCE: RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
![Insecure Deserialization: Lab #7 - Exploiting Ruby deserialization using a documented gadget chain - YouTube Insecure Deserialization: Lab #7 - Exploiting Ruby deserialization using a documented gadget chain - YouTube](https://i.ytimg.com/vi/BQ94Rgyw3AY/sddefault.jpg?v=6365ce5b)
Insecure Deserialization: Lab #7 - Exploiting Ruby deserialization using a documented gadget chain - YouTube
![Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization](https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/1560968541914-5P3K4BXNV8I3JAPWC6AO/Screen6.png)