Ruby on Rails: Unexpected deserialization in Kredis

Unexpected classes could be deserialized in Kredis due to the use of JSON.load, potentially leading to security vulnerabilities...

php: Use after free in unserialize() with Unexpected Session Deserialization

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...