While the Java and .NET deserialization issues were limited to third-party libraries, having deserialization issues impact Ruby itself greatly increases a hacker's attack surface.

Serialization refers to the process of saving an object’s state as a sequence of bytes and conversely, deserialization is the process of rebuilding those bytes back into an object.

Old and new deserialization exploits In programming, serialization is the process of converting data into a stream of bytes, usually to transmit it over the wire.