merge revision(s) 60149: [Backport #14003]

Merge rubygems-2.6.14 changes.

	  It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@60168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
nagachika 2017-10-11 13:48:14 +00:00
parent edda792575
commit 1281e56682
7 changed files with 59 additions and 10 deletions

@ -1101,7 +1101,7 @@ class Gem::Specification < Gem::BasicSpecification
Gem.load_yaml
input = normalize_yaml_input input
spec = YAML.load input
spec = Gem::SafeYAML.safe_load input
if spec && spec.class == FalseClass then
raise Gem::EndOfYAMLException
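
Review bot: The switch from `YAML.load input` to `Gem::SafeYAML.safe_load input` changes what this method can raise, and nothing in the visible lines documents or handles that; the only failure path shown is the `Gem::EndOfYAMLException` check directly after the call. If `safe_load` rejects a document containing a class outside its allowlist by raising, callers that previously got an object back will now see an exception from the YAML layer, so a short comment at the call site naming the expected exception, plus a test that feeds this method a spec with a disallowed tag, would make the new contract explicit. It is also worth confirming that the `Gem.load_yaml` call at the top of the hunk is what makes `Gem::SafeYAML` available, since this hunk adds no require of its own.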