Deserialization of Untrusted Data
The Pixar ruby-jss gem allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Advisories for Gem/Ruby-Jss package
2021
The Pixar ruby-jss gem allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.