ruby/backport-0001-CVE-2024-35221.patch
2024-06-18 19:35:27 +08:00


From c2812fb616a9a0f31bbc3906a8ec9bad9faec498 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 7 Feb 2024 12:26:31 -0800
Subject: [PATCH] [rubygems/rubygems] Control whether YAML aliases are enabled
in Gem::SafeYAML.safe_load via a constant
https://github.com/rubygems/rubygems/commit/6bedb1cb79
Reference:https://github.com/ruby/ruby/commit/c2812fb616a9a0f31bbc3906a8ec9bad9faec498
Conflict:Slightly different context
---
lib/rubygems/safe_yaml.rb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
index 789bb5e..5ad256e 100644
--- a/lib/rubygems/safe_yaml.rb
+++ b/lib/rubygems/safe_yaml.rb
@@ -26,9 +26,12 @@ module Gem
runtime
)
+ ALIASES = true # :nodoc:
+ private_constant :ALIASES
+
if ::YAML.respond_to? :safe_load
def self.safe_load input
- ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true)
+ ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, ALIASES)
end
def self.load input
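Review bot: `ALIASES = true` carries the same value as the literal `true` it replaces in the `::YAML.safe_load(...)` call, so on its own this hunk leaves alias handling in `Gem::SafeYAML.safe_load` exactly as before. Nothing visible here sets the constant to `false`. Because it is marked `# :nodoc:` and `private_constant`, a reader of safe_yaml.rb has no indication of why it exists or what is expected to change it. Please add a short comment above the constant saying which caller or companion change is meant to override it and what the intended value is for untrusted input, and confirm that the companion change is part of this backport series. The trailing context also shows `def self.load input` starting just below. Its body is outside the hunk, so it is worth checking whether that path should honour `ALIASES` as well.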
--
2.33.0