activesupport: Avoid Marshal.load on raw cache value in MemCacheStore
Dalli is already being used for marshalling, so we should also rely on it for unmarshalling. Since Dalli tags the cache value as marshalled it can avoid unmarshalling a raw string which might have come from an untrusted source. [CVE-2020-8165]
Showing
想要评论请 注册 或 登录