Based on excellent write-up from https://www.elttam.com.au/blog/ruby-deserialization/
Doesn't work to use
YAML.dump(payload) in the above script. This only produces the following YAML, which is worthless:
--- !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0'
This is just a handcrafted conversion of the serialization done by
Second version is based on the more recent and equally excellent writup from https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html