From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
From: aycabta <aycabta@gmail.com>
Date: Sun, 2 May 2021 20:52:23 +0900
Subject: [ruby/rdoc] Use File.open to fix the OS Command Injection
 vulnerability in CVE-2021-31799

https://github.com/ruby/rdoc/commit/a7f5d6ab88
---
 lib/rdoc/rdoc.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/rdoc')

diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
index 680a8612f7..904625f105 100644
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -444,7 +444,7 @@ The internal error was:
     files.reject do |file, *|
       file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
         (file =~ /tags$/i and
-         open(file, 'rb') { |io|
+         File.open(file, 'rb') { |io|
            io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
          })
     end
-- 
cgit v1.2.3