While the Java and .NET deserialization issues were limited to third-party libraries, having deserialization issues impact Ruby itself greatly increases a hacker's attack surface.

This is not a problem specific to Java serialization, a specifc .NET formatter or any specific formats such as JSON, XML or Binary," researchers say.