From: SASADA Koichi <ko1@...>
Date: 2013-01-31T11:02:34+09:00
Subject: [ruby-core:51768] Re: [ruby-trunk - Bug #7759][Open] Marshal.load is not documented to be dangerous

(2013/01/31 8:59), charliesome (Charlie Somerville) wrote:
> Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.

Could you explain attack scenario?

-- 
// SASADA Koichi at atdot dot net