Marshal.load is incredibly powerful, and also incredibly dangerous.
Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.
Marshal.load should be documented as dangerous and the documentation should also mention that it should only be used on trusted data.
Makes sense. Can you please consider writing down the explanation?
Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.
You would imagine so, however I have seen a lot of code that does unmarshal untrusted data.
I will send an example to security@ruby-lang.org. Please note that I do not consider this a vulnerability in Ruby. Marshal is dangerous by design. This is an education problem - we need to document the fact that it is dangerous.
Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.
This issue was solved with changeset r38999.
Charlie, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
marshal.c: warn against using Marshal.load on untrusted data
marshal.c (marshal_load): Add documentation warning against using
Marshal.load on untrusted data [Bug #7759] [ruby-core:51765]
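The hazard this report documents, shown as an added example that is not code from the bug report, from Ruby, or from the committed documentation. It demonstrates that Marshal.load instantiates whatever class a byte string names and runs that class's marshal_load hook on attacker-controlled data, then shows two ways a practitioner keeps untrusted bytes away from Marshal.load: authenticating marshaled blobs with an HMAC before loading, and using JSON for data that genuinely comes from outside. The class AuditEntry, the SIDE_EFFECTS log, and the helpers seal, unseal, constant_time_equal? and parse_untrusted_json are hypothetical names chosen for this example; the attacker payload is constructed inline.

```ruby
require 'openssl'
require 'json'

# Added example, not code from the bug report or from Ruby itself.
# Records what attacker-supplied bytes made the loading process do.
SIDE_EFFECTS = []

# Hypothetical application class. Classes with marshal_load hooks are
# common and legitimate; the danger is that Marshal.load calls the hook
# for ANY byte string naming the class, whoever produced the bytes.
class AuditEntry
  attr_reader :message

  def initialize(message)
    @message = message
  end

  def marshal_dump
    @message
  end

  # Runs inside Marshal.load with attacker-controlled +message+. The side
  # effect here is deliberately harmless; in a real codebase such a hook
  # might open files, evaluate templates or call system().
  def marshal_load(message)
    @message = message
    SIDE_EFFECTS << "marshal_load ran with #{message.inspect}"
  end
end

# Bytes an attacker can type by hand knowing only the class name:
# format version 4.8, 'U' (object restored via marshal_load), the symbol
# :AuditEntry (length 10, encoded as 10+5), then a 5-byte binary string.
# No secret and no access to the victim process is needed to produce them.
ATTACKER_BYTES = "\x04\x08U:\x0FAuditEntry\"\x0Apwned".b

# The anti-pattern the report describes: unmarshalling untrusted input.
# Returns the class that was instantiated and the side effects observed.
def load_untrusted(bytes)
  obj = Marshal.load(bytes)
  [obj.class, SIDE_EFFECTS.dup]
end

# Mitigation 1: only unmarshal data the application itself produced and
# authenticated. Layout is HMAC-SHA256 tag || blob; the tag is verified
# before Marshal.load sees a single byte, so no object is ever
# instantiated from a forged or tampered blob.
TAG_LEN = 32

def seal(obj, key)
  blob = Marshal.dump(obj)
  OpenSSL::HMAC.digest("SHA256", key, blob) + blob
end

def unseal(sealed, key)
  return nil if sealed.nil? || sealed.bytesize <= TAG_LEN
  tag  = sealed.byteslice(0, TAG_LEN)
  blob = sealed.byteslice(TAG_LEN, sealed.bytesize - TAG_LEN)
  expected = OpenSSL::HMAC.digest("SHA256", key, blob)
  return nil unless constant_time_equal?(tag, expected)
  Marshal.load(blob)
end

# Constant-time comparison so a forger learns nothing from timing.
# (OpenSSL.fixed_length_secure_compare is the production choice on
# openssl gem >= 2.2; written out here to stay self-contained.)
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mitigation 2: for data that genuinely comes from outside, use a format
# whose parser can only build Hash/Array/String/Numeric/true/false/nil,
# never application objects. Plain JSON.parse does not honour
# json_class additions unless asked to.
def parse_untrusted_json(text)
  JSON.parse(text)
end

if __FILE__ == $0
  key = OpenSSL::Random.random_bytes(32)   # real apps load this from config
  p load_untrusted(ATTACKER_BYTES)         # AuditEntry built, hook ran
  p unseal(seal(AuditEntry.new("from the app"), key), key).message
  p unseal(("\x00" * TAG_LEN) + ATTACKER_BYTES, key)  # nil, hook did not run
  p parse_untrusted_json('{"message":"pwned"}')      # plain Hash
end
```

The first call is the report's point in one line: the process never asked for an AuditEntry, yet one was built and its hook executed, purely because the input named the class. The sealed form does not make Marshal safe in general; it only guarantees that the bytes reaching Marshal.load were written by a holder of the key, which is the "trusted data" the committed documentation talks about. Where that guarantee cannot be made, the JSON path is the right tool.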