Code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load().
This exploit, discovered by Luke Jahnke, is a way to gain RCE without relying on the availability of particular Rails libraries or finding your own gadget in the libraries in use.
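
Because the gadget needs nothing beyond attacker control of the bytes reaching `Marshal.load()`, the fix is to keep unauthenticated bytes away from it. The following is an added example, not code from the original page or from the exploit's author: `SignedMarshal`, `load_untrusted` and the sample key are hypothetical names and constructed values.

```ruby
require "openssl"
require "json"

# Hypothetical helper (name and layout are assumptions): tag || Marshal bytes.
module SignedMarshal
  TAG_LEN = 32 # HMAC-SHA256 output size in bytes
  class TamperedError < StandardError; end

  # Serialize obj and prepend an HMAC-SHA256 tag computed over the bytes.
  def self.dump(obj, key)
    body = Marshal.dump(obj)
    OpenSSL::HMAC.digest("SHA256", key, body) + body
  end

  # Verify the tag first; Marshal.load only ever sees authenticated bytes.
  def self.load(blob, key)
    blob = blob.to_s.b
    raise TamperedError, "blob too short" if blob.bytesize <= TAG_LEN
    tag  = blob.byteslice(0, TAG_LEN)
    body = blob.byteslice(TAG_LEN, blob.bytesize - TAG_LEN)
    expected = OpenSSL::HMAC.digest("SHA256", key, body)
    raise TamperedError, "bad MAC" unless ct_equal?(tag, expected)
    Marshal.load(body)
  end

  # Constant-time comparison so the check does not leak matching prefixes.
  def self.ct_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# For input from outside the trust boundary, prefer a data-only format:
# JSON.parse builds only hashes, arrays, strings, numbers, booleans and nil.
def load_untrusted(text)
  JSON.parse(text)
end

if __FILE__ == $PROGRAM_NAME
  key  = "constructed-sample-key-32-bytes!" # constructed sample value
  blob = SignedMarshal.dump({ "user" => "alice" }, key)
  p SignedMarshal.load(blob, key)
  p load_untrusted('{"user":"alice"}')
end
```

The MAC only moves the trust decision to the key: anyone who obtains the key can again feed arbitrary bytes to `Marshal.load()`, so the data-only format remains the safer choice for input that crosses a trust boundary.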