News

While the Java and .NET deserialization issues were largely confined to third-party libraries, a deserialization issue in Ruby itself greatly widens the attack surface.
But while Oracle is addressing the issue in Java, serialization also affects other programming environments such as .NET and Ruby, where the issue remains largely unaddressed.
Just like with Java applications, the flaw lies in how .NET libraries process serialized data during deserialization: an attacker who controls the input can supply a crafted object graph that triggers code execution on the target machine.
Java provides a convenient means to serialize objects so they can be stored or sent over a network, but serialization by itself does nothing to protect their integrity. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...
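The mechanism the items above describe is the same in every language with a native object serializer: the deserializer instantiates whatever classes the byte stream names and runs their load hooks, so attacker-controlled bytes become attacker-chosen code paths. The following Ruby example is added here for illustration; it is not code from any of the articles quoted above. `CacheEntry`, `SIDE_EFFECTS`, the secret key and the payload are all constructed for the example, and the "command" is only recorded rather than executed. It shows the vulnerable `Marshal.load` call beside two hardened forms: authenticating the blob with an HMAC before deserializing it, and switching to a data-only format.

```ruby
require 'openssl'
require 'json'

# Constructed for this example: records what a deserialization hook was asked to do.
SIDE_EFFECTS = []

# Hypothetical application class. Marshal.load calls marshal_load on every object
# in the stream whose class defines it, so any such class loaded in the process is
# a candidate "gadget": the attacker never needs to ship code, only to name it.
class CacheEntry
  attr_reader :command

  def initialize(command)
    @command = command
  end

  def marshal_dump
    [@command]
  end

  def marshal_load(data)
    @command = data[0]
    # Side effect driven purely by the bytes being deserialized. A real gadget
    # would call something like Kernel#system here; we only record the value.
    SIDE_EFFECTS << @command
  end
end

# Attacker-controlled payload (constructed here with Marshal.dump; an attacker
# would hand-craft the same bytes without running CacheEntry locally).
def craft_payload(command)
  Marshal.dump(CacheEntry.new(command))
end

# Vulnerable: deserializes whatever it is handed.
def vulnerable_load(blob)
  Marshal.load(blob)
end

# Hardened variant 1: authenticate the blob before it reaches Marshal.load, so only
# blobs this server produced with its key are ever deserialized.
def sign(key, blob)
  OpenSSL::HMAC.hexdigest('SHA256', key, blob)
end

# Constant-time comparison so the tag check does not leak through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def signed_load(key, blob, tag)
  raise ArgumentError, 'bad signature' unless secure_compare(sign(key, blob), tag)
  Marshal.load(blob)
end

# Hardened variant 2: a data-only format. JSON.parse yields only strings, numbers,
# booleans, arrays and hashes and never instantiates application classes.
def data_only_load(text)
  JSON.parse(text)
end

# Runs the three paths and reports what happened.
def demo
  SIDE_EFFECTS.clear
  payload = craft_payload('id')
  vulnerable_load(payload)          # attacker's hook runs during deserialization
  attacker_ran = SIDE_EFFECTS.dup

  SIDE_EFFECTS.clear
  key = 'server-secret-constructed-for-example'
  begin
    signed_load(key, payload, 'forged-tag')
  rescue ArgumentError
    # rejected before Marshal.load was ever reached
  end
  blocked = SIDE_EFFECTS.empty?

  legit = Marshal.dump({ 'user' => 'alice' })
  obj = signed_load(key, legit, sign(key, legit))
  { attacker_ran: attacker_ran, blocked: blocked, legit: obj }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The signed variant is the pattern frameworks use for session cookies: the key never leaves the server, so an attacker cannot produce a blob that passes the check, and the gadget hook is never invoked. Note that it protects only blobs the server itself created; if the key leaks, the attacker is back to the vulnerable case. The data-only variant removes the gadget problem entirely and is the better default when the payload is plain data; use `JSON.parse` rather than `JSON.load`, whose `create_additions` behaviour historically allowed a `json_class` key to instantiate classes again.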