yegor256/factbase

Security concern: It's very dangerous to use `Marshal.load` with untrusted data.

Open

#106 opened on Jul 24, 2024

View on GitHub
 (11 comments) (0 reactions) (0 assignees)Ruby (17 forks)github user discovery
bughelp wanted

Repository metrics

Stars
 (19 stars)
PR merge metrics
 (PR metrics pending)

Description

See security recommendations for details.

It's used in baza. As far as I understand the code, the data was received from an HTTP request, which makes the data untrusted.

https://github.com/yegor256/factbase/blob/51d357c5d3c7411191a43c0184e0f43adba53e78/lib/factbase.rb#L218

Contributor guide