Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and.NET

An anonymous reader writes: The Ruby Programming Language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for .NET and PHP applications as well. Researchers published proof-of-concept code this week showing how to exploit serialization/deserialization operations supported by the built-in features of the Ruby programming language itself. "Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated." The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it was Java until now that has faced the biggest issues with deserialization, earlier this year, Oracle announcing it was dropping deserialization support from the Java language's standard package.

Read more of this story at Slashdot.



This post first appeared on Werbung Austria - Slashdot, please read the originial post: here

Share the post

Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and.NET

×

Subscribe to Werbung Austria - Slashdot

Get updates delivered right to your inbox!

Thank you for your subscription

×