Deserialization Flaw in Ruby Workers That Could Enable Full Compromise

A critical Remote Code Execution (RCE) vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization, allowing attackers to execute arbitrary commands. The flaw, identified by NullSecurityX and assigned CVE-2024-XXXX with a CVSS score of 9.8, stems from the Oj.load function, which in its default object mode reconstructs Ruby objects from type markers embedded in the JSON; an attacker who controls a job payload can inject crafted JSON through this path and compromise the entire infrastructure.
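As an added illustration of the defensive side of this (example code written for this page, not code from the advisory, NullSecurityX, or the affected project), the snippet below shows the two mitigations a worker maintainer would reach for: parse untrusted job payloads with a parser that has no object-reconstruction feature, and log or reject any payload that carries Oj object-mode type tokens such as `^o`. The job format, the `PlaceholderClass` name and the sample payloads are constructed for the example; the marker list is a heuristic, not Oj's full token set.

```ruby
require 'json'

# Oj's default mode for Oj.load is :object, in which hash keys beginning with
# '^' (e.g. "^o" for object, "^c" for class, "^u" for struct) are instructions
# to build Ruby objects instead of plain Hashes. A worker that calls
# Oj.load(raw) on a queue message therefore lets the message author pick the
# classes that get instantiated. The safe alternatives below never do that.

class UnsafePayload < StandardError; end

# Walk an already-parsed structure and report every key that looks like an Oj
# object-mode token, with a JSONPath-style location for logging. Heuristic:
# any String key starting with '^' is flagged.
def oj_object_markers(data, path = '$', found = [])
  case data
  when Hash
    data.each do |k, v|
      found << "#{path}.#{k}" if k.is_a?(String) && k.start_with?('^')
      oj_object_markers(v, "#{path}.#{k}", found)
    end
  when Array
    data.each_with_index { |v, i| oj_object_markers(v, "#{path}[#{i}]", found) }
  end
  found
end

# Hardened worker entry point: the stdlib parser only ever returns Hash, Array,
# String and numeric values, so no class can be instantiated from the payload.
# The marker check on top gives a detection signal worth alerting on.
def parse_job(raw)
  data = JSON.parse(raw)
  markers = oj_object_markers(data)
  raise UnsafePayload, "Oj object-mode tokens at #{markers.join(', ')}" unless markers.empty?
  data
end

# If Oj must stay for performance, pin the mode per call (or globally with
# Oj.default_options = { mode: :strict }) so "^o" is just another string key.
# Falls back to the stdlib path when the gem is not installed.
begin
  require 'oj'
rescue LoadError
  # oj gem absent: parse_job_with_oj will use the stdlib parser instead
end

def parse_job_with_oj(raw)
  return parse_job(raw) unless defined?(Oj)
  data = Oj.load(raw, mode: :strict)
  markers = oj_object_markers(data)
  raise UnsafePayload, "Oj object-mode tokens at #{markers.join(', ')}" unless markers.empty?
  data
end

# Constructed sample messages: one ordinary job, one carrying an object token
# naming a placeholder class (no real gadget; the point is that it is caught).
BENIGN_JOB  = '{"job":"resize_image","args":{"id":42,"width":800}}'
CRAFTED_JOB = '{"job":"resize_image","args":{"^o":"PlaceholderClass","field":"x"}}'

if __FILE__ == $PROGRAM_NAME
  p parse_job(BENIGN_JOB)
  begin
    parse_job(CRAFTED_JOB)
  rescue UnsafePayload => e
    warn "rejected job: #{e.message}"
  end
end
```

Wiring this in means replacing the bare `Oj.load(raw)` in the worker's message handler with `parse_job` (or `parse_job_with_oj`) and sending `UnsafePayload` exceptions to the same alerting channel as other integrity failures; a single `^o` key arriving from a producer that never legitimately emits one is a high-signal detection.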

Edward Kiledjian @ekiledjian