Issue #7759 has been reported by charliesome (Charlie Somerville).

----------------------------------------
Bug #7759: Marshal.load is not documented to be dangerous
https://bugs.ruby-lang.org/issues/7759

Author: charliesome (Charlie Somerville)
Status: Open
Priority: Normal
Assignee:
Category: DOC
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2013-01-07 trunk 38733) [x86_64-darwin12.2.1]

=begin
Marshal.load is incredibly powerful, and also incredibly dangerous. Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.

Marshal.load should be documented as dangerous and the documentation should also mention that it should only be used on trusted data.
=end

--
http://bugs.ruby-lang.org/
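Added example, not part of the original report or of Ruby's documentation: it shows that Marshal.load runs a class's marshal_load hook on whatever bytes it is given, and one way to restrict it to trusted data by checking an HMAC tag before loading. The names AuditHook, DEMO_KEY, seal and unseal are hypothetical, and the HMAC scheme is an assumption about how "trusted" is established.

```ruby
require "openssl"

# Hypothetical application class. Its marshal_load hook runs inside
# Marshal.load, before the caller can inspect what was deserialized.
class AuditHook
  @calls = []
  class << self; attr_reader :calls; end

  def marshal_dump
    "state"
  end

  def marshal_load(state)
    self.class.calls << state # stands in for any side effect a loaded class may have
  end
end

DEMO_KEY = "constructed-demo-key" # constructed; a real key belongs in a secret store

# Producer side: prefix the Marshal bytes with a hex HMAC-SHA256 tag (64 chars).
def seal(obj, key = DEMO_KEY)
  data = Marshal.dump(obj)
  OpenSSL::HMAC.hexdigest("SHA256", key, data) + data
end

# Consumer side: check the tag in constant time; Marshal.load only ever
# sees bytes that a holder of the key produced.
def unseal(blob, key = DEMO_KEY)
  tag  = blob.byteslice(0, 64).to_s
  data = blob.byteslice(64, blob.bytesize).to_s
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, data)
  raise ArgumentError, "bad signature" unless OpenSSL.secure_compare(tag, expected)
  Marshal.load(data)
end

# Bytes as an untrusted client could submit them (constructed sample input).
untrusted = Marshal.dump(AuditHook.new)

Marshal.load(untrusted)                    # direct load: the hook fires
puts "hook calls after direct load: #{AuditHook.calls.length}"
AuditHook.calls.clear
begin
  unseal(("0" * 64) + untrusted)           # forged tag: rejected before any load
rescue ArgumentError => e
  puts "rejected: #{e.message}"
end
puts "hook calls after unseal: #{AuditHook.calls.length}"
```

The tag only proves who produced the bytes, so anyone holding the key is still trusted with everything Marshal.load can do. For data that originates from clients, a data-only format such as JSON avoids object instantiation altogether.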