author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-06-04 10:38:43 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-07-27 09:25:56 +0900 |
commit | 803c60858e42463d33a00950883b17b1c38a2347 (patch) | |
tree | f487dd700b4087bda80b55032edaf3d6bb284e3e /lib | |
parent | 88e46cf6b83e2ca701cf122756fef9bc2550e845 (diff) |
[rubygems/rubygems] Check requirements classes
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
https://github.com/rubygems/rubygems/commit/141c2f4388
Diffstat (limited to 'lib')
-rw-r--r-- | lib/rubygems/requirement.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/rubygems/requirement.rb b/lib/rubygems/requirement.rb index 0067f6304a..16de45ad91 100644 --- a/lib/rubygems/requirement.rb +++ b/lib/rubygems/requirement.rb @@ -199,6 +199,8 @@ class Gem::Requirement def marshal_load(array) # :nodoc: @requirements = array[0] + + raise TypeError, "wrong @requirements" unless Array === @requirements end def yaml_initialize(tag, vals) # :nodoc: |
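Review bot: In `marshal_load`, the type check runs after `@requirements = array[0]`, so when the `TypeError` is raised the instance variable already holds the untrusted value, and a caller that rescues the error is left with a half-loaded object. Validate first and assign second, e.g. `reqs = array[0]`, then `raise TypeError, "wrong @requirements" unless Array === reqs`, then `@requirements = reqs`. The check also covers only the container: the elements of the array are still whatever the Marshal stream supplied, so consider validating that each entry is the expected operator/version pair before accepting it. The message "wrong @requirements" would be easier to act on if it named the class that was received. `array` itself is indexed without a type check, and `yaml_initialize` just below is unchanged in this hunk, so it is worth confirming whether that load path needs the same guard.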