Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: deserialization

Marshal madness: A brief history of Ruby deserialization exploits

Documenting the evolution of exploitation techniques serves a crucial purpose in security engineering: it helps us understand not just individual vulnerabilities but the systemic patterns that resist conventional fixes. The story of deserialization exploits in Ruby’s Marshal module offers a uniquely well-documented case study of this phenomenon: a decade-long cycle of patches and bypasses that reveals the futility of addressing symptoms rather than root causes. This history matters bec