Merge branch 'master' of github.com:HackTricks-wiki/hacktricks

Author: carlospolop

src/pentesting-web/deserialization/ruby-class-pollution.md

@@ -252,6 +252,8 @@ json_input = ARGV[0]
 JSONMergerApp.run(json_input)
 ```
 
+> **Hashie deep_merge mutation regression (2025):** In Hashie 5.0.0, `Hashie::Extensions::DeepMerge#deep_merge` mutated nested sub-hashes on the receiver instead of duplicating them. Merging attacker-controlled data into long‑lived objects could therefore persist changes across requests, polluting previously “safe” instances. Behavior was corrected in 5.0.1.
+
 ## Poison the Classes <a href="#escaping-the-object-to-poison-the-class" id="escaping-the-object-to-poison-the-class"></a>
 
 In the following example it's possible to find the class **`Person`**, and the the clases **`Admin`** and **`Regular`** which inherits from the **`Person`** class. It also has another class called **`KeySigner`**:
@@ -415,8 +417,6 @@ It's possible to brute-force the defined classes and at some point poison the cl
 ## References
 
 - [https://blog.doyensec.com/2024/10/02/class-pollution-ruby.html](https://blog.doyensec.com/2024/10/02/class-pollution-ruby.html)
+- [https://ruby.libhunt.com/hashie-latest-version](https://ruby.libhunt.com/hashie-latest-version)
 
 {{#include ../../banners/hacktricks-training.md}}
-
-
-