From 7624154595eb71333a61b37f4c7388b6c031e878 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Sat, 17 Aug 2019 08:44:31 +0900
Subject: Fixed Insecure Operation in require

  Caused by 00cd5d74ce
---
 lib/rubygems/core_ext/kernel_require.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/rubygems/core_ext/kernel_require.rb b/lib/rubygems/core_ext/kernel_require.rb
index 7407c02931..5986e356bc 100755
--- a/lib/rubygems/core_ext/kernel_require.rb
+++ b/lib/rubygems/core_ext/kernel_require.rb
@@ -40,7 +40,7 @@ module Kernel
       rp = nil
       $LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp|
         Gem.suffixes.each do |s|
-          full_path = File.expand_path(File.join(lp, "#{path}#{s}"))
+          full_path = File.expand_path(File.join(lp, "#{path}#{s}").untaint)
           if File.file?(full_path)
             rp = full_path
             break
-- 
cgit v1.2.3