diff --git a/CHANGELOG-2.1.md b/CHANGELOG-2.1.md
index af2928bb9..a4a67455d 100644
--- a/CHANGELOG-2.1.md
+++ b/CHANGELOG-2.1.md
@@ -3,6 +3,7 @@
 ## Security
 
 - [#3723](https://github.com/hyperf/hyperf/pull/3723) Fixed the active_url rule for validation in input fails to correctly check dns record with dns_get_record resulting in bypassing the validation.
+- [#3724](https://github.com/hyperf/hyperf/pull/3724) Fixed bug that `RequiredIf` can be exploited to generate gadget chains for deserialization vulnerabiltiies.
 
 ## Fixed
 
diff --git a/src/validation/src/Rules/RequiredIf.php b/src/validation/src/Rules/RequiredIf.php
index d09c1c8d5..85d1cd7f5 100755
--- a/src/validation/src/Rules/RequiredIf.php
+++ b/src/validation/src/Rules/RequiredIf.php
@@ -11,6 +11,8 @@ declare(strict_types=1);
  */
 namespace Hyperf\Validation\Rules;
 
+use InvalidArgumentException;
+
 class RequiredIf
 {
     /**
@@ -27,7 +29,11 @@ class RequiredIf
      */
     public function __construct($condition)
     {
-        $this->condition = $condition;
+        if (! is_string($condition)) {
+            $this->condition = $condition;
+        } else {
+            throw new InvalidArgumentException('The provided condition must be a callable or boolean.');
+        }
     }
 
     /**
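Review bot: The new guard in `__construct` is a deny-list that rejects only strings, while the exception message promises the condition must be a callable or boolean; arrays such as `['SomeClass', 'staticMethod']` (which PHP also treats as callables), integers and `null` still pass and are stored unchecked. An allow-list that matches the message is tighter and easier to reason about: `if (! is_bool($condition) && ! $condition instanceof \Closure) { throw new InvalidArgumentException('The provided condition must be a callable or boolean.'); } $this->condition = $condition;`. Note too that `unserialize()` never runs a constructor, so this check only constrains objects built through normal code paths; the declared type of the `condition` property and the place where it is invoked are outside this hunk and are where a deserialized object would have to be stopped. The `RequiredIf` class and its `@param` docblock continue outside the hunk, and the docblock should state the accepted types so callers don't rely on the old untyped behaviour.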