diff options
| author | aycabta <aycabta@gmail.com> | 2021-05-02 20:52:23 +0900 |
|---|---|---|
| committer | aycabta <aycabta@gmail.com> | 2021-05-21 13:42:24 +0900 |
| commit | b1c73f239fe9af97de837331849f55d67c27561e (patch) | |
| tree | 05dea67a20ab70c670d3f7b21b2a5d717327f4cd /lib/rdoc | |
| parent | 9edad0df74c6ad39281852cca9793fc7dba5c81f (diff) | |
| download | ruby-b1c73f239fe9af97de837331849f55d67c27561e.tar.gz | |
[ruby/rdoc] Use File.open to fix the OS Command Injection vulnerability in CVE-2021-31799
https://github.com/ruby/rdoc/commit/a7f5d6ab88
Diffstat (limited to 'lib/rdoc')
| -rw-r--r-- | lib/rdoc/rdoc.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb index 680a8612f7..904625f105 100644 --- a/lib/rdoc/rdoc.rb +++ b/lib/rdoc/rdoc.rb @@ -444,7 +444,7 @@ The internal error was: files.reject do |file, *| file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or (file =~ /tags$/i and - open(file, 'rb') { |io| + File.open(file, 'rb') { |io| io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/ }) end |