Serialization is the process of converting an in-memory data structure into a stream of binary data, typically for the purpose of sending it across a network socket. On the receiving end of this, Deserialization is the process in which that data stream is rebuilt into a data structure.

Vulnerabilities arise on the deserialization end for some server-side languages like Ruby on Rails. The serialization library for ROR allows a newly created data structure to execute code. This feature, if not mitigated, will allow an attacker to inject commands into the data section of a request if the file is to be deserialized.