# YAML.load deserialization
RCE is is possible via YAML file deserialization through `yaml.load()`.
* [staadraad describes how and provides a payload](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)