
ruby-changes:57110

From: Hiroshi <ko1@a...>
Date: Sat, 17 Aug 2019 08:45:05 +0900 (JST)
Subject: [ruby-changes:57110] Hiroshi SHIBATA: 7624154595 (master): Fixed Insecure Operation in require

https://git.ruby-lang.org/ruby.git/commit/?id=7624154595

From 7624154595eb71333a61b37f4c7388b6c031e878 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@r...>
Date: Sat, 17 Aug 2019 08:44:31 +0900
Subject: Fixed Insecure Operation in require

  Caused by 00cd5d74ce

diff --git a/lib/rubygems/core_ext/kernel_require.rb b/lib/rubygems/core_ext/kernel_require.rb
index 7407c02..5986e35 100755
--- a/lib/rubygems/core_ext/kernel_require.rb
+++ b/lib/rubygems/core_ext/kernel_require.rb
@@ -40,7 +40,7 @@ module Kernel https://github.com/ruby/ruby/blob/trunk/lib/rubygems/core_ext/kernel_require.rb#L40
       rp = nil
       $LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp|
         Gem.suffixes.each do |s|
-          full_path = File.expand_path(File.join(lp, "#{path}#{s}"))
+          full_path = File.expand_path(File.join(lp, "#{path}#{s}").untaint)
           if File.file?(full_path)
             rp = full_path
             break
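Review bot: On the `+` line, `.untaint` is applied to the joined string that includes the caller-supplied `path`, so taint tracking is dropped for the whole require argument and not only for the `$LOAD_PATH` entry `lp`; please add a comment saying why that is acceptable at this point, or narrow what gets untainted. The call also sits on the argument to `File.expand_path`, while the value passed to `File.file?` and stored in `rp` is the result of `expand_path`, so it is worth confirming that the result is untainted in every case (for example when `lp` is a relative path) or moving `.untaint` onto the result. The commit message names only the causing commit; saying which call raised the insecure-operation error and adding a regression test that exercises this lookup with a tainted `path` would make the fix verifiable.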
-- 
cgit v0.10.2


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
