writeups/Ruby-deserialization-gadget-on-rails.md at main · httpvoid/writeups · GitHub
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
GitHub - mpgn/Rails-doubletap-RCE: RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
Zero Day Initiative — Remote Code Execution via Ruby on Rails Active Storage Insecure Deserialization
Ruby serialization 'exploit' news is balderdash. Loading binary objects from untrusted sources in any language has always been a Bad Idea™️ and a warning was in RDoc since 2013. : r/programming