killchain-compendium/Exploits/Ruby/yaml_load.md

# YAML.load deserialization

RCE is is possible via YAML file deserialization through `yaml.load()`.  
* [staadraad describes how and provides a payload](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
bump 2023-01-19 16:17:10 +01:00			`# YAML.load deserialization`

			RCE is is possible via YAML file deserialization through `yaml.load()`.
			`* [staadraad describes how and provides a payload](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)`