This vulnerability allows remote code execution (RCE) through unsafe YAML deserialization in applications that use the geokit-rails plugin, which can lead to arbitrary command execution and potentially a complete takeover of the affected host. The issue was found in version 2.3.2 of the geokit-rails gem, which passes data read from a Ruby on Rails cookie to the unsafe YAML.load() method. On Psych versions earlier than 4 (the YAML library bundled with Ruby before 3.1), YAML.load() instantiates any Ruby class named in the document, so a cookie value the client fully controls becomes an object-deserialization sink. An attacker exploits this by sending an HTTP request whose cookie carries a crafted YAML document; when the gem deserializes it, the resulting objects execute attacker-chosen code. The issue was responsibly disclosed to the geokit-rails maintainer and fixed in version 2.5.0, so users should upgrade to that version or later. Snyk Code's rules have also been improved to detect YAML injection (unsafe deserialization) vulnerabilities.
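The following is an added example, not code from geokit-rails or from the original advisory, modelling the sink described above: a cookie value fed to the unsafe loader beside a hardened replacement that uses YAML.safe_load with no permitted classes and rejects anything that is not a plain mapping. The Marker class and both cookie strings are constructed for the demonstration; the legacy loader uses YAML.unsafe_load where it exists because, on Psych 4 and later, YAML.load itself became the safe variant and no longer reproduces the behaviour the vulnerable gem relied on.

```ruby
require 'yaml'

# Constructed stand-in for any class loadable in the application process.
# With the unsafe loader, a "!ruby/object:Marker" tag in the cookie is enough
# to instantiate it and set its instance variables from attacker-supplied data.
class Marker
  attr_accessor :note
end

# Constructed cookie values. The benign one is the shape a location cookie
# would plausibly have; the malicious one names a Ruby class to instantiate.
BENIGN_COOKIE    = "---\nlat: 37.7\nlng: -122.4\n"
MALICIOUS_COOKIE = "--- !ruby/object:Marker\nnote: attacker-controlled\n"

# Models the vulnerable pattern: untrusted cookie text -> full YAML object graph.
# YAML.unsafe_load (Psych >= 3.3.2) is what YAML.load did before Psych 4.
def legacy_deserialize(cookie_value)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(cookie_value)
  else
    YAML.load(cookie_value)
  end
end

# Hardened replacement: only scalars, arrays and hashes are allowed
# (permitted_classes is empty), YAML aliases are refused to block
# alias-expansion abuse, and the result must be a mapping.
def hardened_deserialize(cookie_value)
  data = YAML.safe_load(cookie_value, permitted_classes: [], aliases: false)
  raise ArgumentError, 'geo_location cookie must be a YAML mapping' unless data.is_a?(Hash)
  data
end

# Convenience predicate: does the hardened loader refuse this cookie?
# Psych::DisallowedClass is raised for any !ruby/object style tag.
def hardened_rejects?(cookie_value)
  hardened_deserialize(cookie_value)
  false
rescue Psych::DisallowedClass, Psych::BadAlias, ArgumentError
  true
end

if $PROGRAM_NAME == __FILE__
  obj = legacy_deserialize(MALICIOUS_COOKIE)
  puts "legacy loader produced: #{obj.class} (note=#{obj.note.inspect})"
  puts "hardened loader rejects malicious cookie: #{hardened_rejects?(MALICIOUS_COOKIE)}"
  puts "hardened loader parses benign cookie: #{hardened_deserialize(BENIGN_COOKIE).inspect}"
end
```

In a real application the permitted_classes list would name exactly the value types the cookie is expected to carry (for example Symbol if keys are symbols), and nothing else; the point of the hardened form is that class instantiation is opt-in per type rather than granted to whoever controls the cookie.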