1 files changed, 9 insertions, 7 deletions

diff --git a/lib/rubygems/source.rb b/lib/rubygems/source.rb
index 8b3a8828d1..d90e311b65 100644
--- a/lib/rubygems/source.rb
+++ b/lib/rubygems/source.rb
@@ -12,9 +12,9 @@ class Gem::Source
   include Gem::Text
 
   FILES = { # :nodoc:
-    :released => "specs",
-    :latest => "latest_specs",
-    :prerelease => "prerelease_specs",
+    released: "specs",
+    latest: "latest_specs",
+    prerelease: "prerelease_specs",
   }.freeze
 
   ##
@@ -101,7 +101,6 @@ class Gem::Source
   def cache_dir(uri)
     # Correct for windows paths
     escaped_path = uri.path.sub(%r{^/([a-z]):/}i, '/\\1-/')
-    escaped_path.tap(&Gem::UNTAINT)
 
     File.join Gem.spec_cache_dir, "#{uri.host}%#{uri.port}", File.dirname(escaped_path)
   end
@@ -135,8 +134,9 @@ class Gem::Source
 
     if File.exist? local_spec
       spec = Gem.read_binary local_spec
+      Gem.load_safe_marshal
       spec = begin
-               Marshal.load(spec)
+               Gem::SafeMarshal.safe_load(spec)
              rescue StandardError
                nil
              end
@@ -157,8 +157,9 @@ class Gem::Source
       end
     end
 
+    Gem.load_safe_marshal
     # TODO: Investigate setting Gem::Specification#loaded_from to a URI
-    Marshal.load spec
+    Gem::SafeMarshal.safe_load spec
   end
 
   ##
@@ -188,8 +189,9 @@ class Gem::Source
 
     spec_dump = fetcher.cache_update_path spec_path, local_file, update_cache?
 
+    Gem.load_safe_marshal
     begin
-      Gem::NameTuple.from_list Marshal.load(spec_dump)
+      Gem::NameTuple.from_list Gem::SafeMarshal.safe_load(spec_dump)
     rescue ArgumentError
       if update_cache? && !retried
         FileUtils.rm local_file