diff options
| author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2019-08-17 08:44:31 +0900 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2019-08-17 08:44:31 +0900 |
| commit | 7624154595eb71333a61b37f4c7388b6c031e878 (patch) | |
| tree | ef70c9a9fc1ee2be11acdafd3906210c03d9e797 /lib | |
| parent | e0fc9b7ccd9e14bd925cd46606ad201d0b57a423 (diff) | |
Fixed Insecure Operation in require
Caused by 00cd5d74ce
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/rubygems/core_ext/kernel_require.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rubygems/core_ext/kernel_require.rb b/lib/rubygems/core_ext/kernel_require.rb index 7407c02931..5986e356bc 100755 --- a/lib/rubygems/core_ext/kernel_require.rb +++ b/lib/rubygems/core_ext/kernel_require.rb @@ -40,7 +40,7 @@ module Kernel rp = nil $LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp| Gem.suffixes.each do |s| - full_path = File.expand_path(File.join(lp, "#{path}#{s}")) + full_path = File.expand_path(File.join(lp, "#{path}#{s}").untaint) if File.file?(full_path) rp = full_path break |