Fixed the vulnerability issue

RubyMoney · May 29, 2024 · 2d0b054 · 2d0b054
1 parent 37e183a
commit 2d0b054
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/money/bank/variable_exchange.rb b/lib/money/bank/variable_exchange.rb
@@ -265,6 +265,10 @@ def import_rates(format, s, opts = {})
           warn '[WARNING] Using :ruby format when importing rates is potentially unsafe and ' \
             'might lead to remote code execution via Marshal.load deserializer. Consider using ' \
             'safe alternatives such as :json and :yaml.'
+        elsif format == :yaml
+          warn '[WARNING] Using :yaml format when importing rates is potentially unsafe and ' \
+            'might lead to remote code execution via Marshal.load deserializer. Consider using ' \
+            'safe alternatives such as :json and :ruby.'
         end
 
         store.transaction do