packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ruby/backport-0001-CVE-2024-35221.patch
shixuantong 9f8fa5c321 fix CVE-2024-35221 
(cherry picked from commit 34f44629e9ba1167cfcf03edeae24b819162072d)
2024-06-18 14:25:05 +08:00

36 lines
1.1 KiB
Diff
Raw Permalink Blame History

From c2812fb616a9a0f31bbc3906a8ec9bad9faec498 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 7 Feb 2024 12:26:31 -0800
Subject: [PATCH] [rubygems/rubygems] Control whether YAML aliases are enabled
in Gem::SafeYAML.safe_load via a constant
https://github.com/rubygems/rubygems/commit/6bedb1cb79
Reference:https://github.com/ruby/ruby/commit/c2812fb616a9a0f31bbc3906a8ec9bad9faec498
Conflict:use YAML module not Psych module.
---
lib/rubygems/safe_yaml.rb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
index 3a1ae3b..c536a45 100644
--- a/lib/rubygems/safe_yaml.rb
+++ b/lib/rubygems/safe_yaml.rb
@@ -24,8 +24,11 @@ module Gem
runtime
].freeze
+ ALIASES = true # :nodoc:
+ private_constant :ALIASES
+
def self.safe_load(input)
- ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
+ ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: ALIASES)
end
def self.load(input)
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink