You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's wrong because the format never specifies the symbol type which opens unexpected behaviors but more importantly, symbols are never garbage collected which means that an attacker could easily flood a VM with unused objects.
The text was updated successfully, but these errors were encountered:
That is the behavior in the :object mode. If it is not what you want then use a different mode. You can also change the symbolize_keys option. It is only a vulnerability if you expose it directly to end users in that mode. Don't do that and you will be fine.
Oj shouldn't produce symbols when parsing a JSON message:
It's wrong because the format never specifies the symbol type which opens unexpected behaviors but more importantly, symbols are never garbage collected which means that an attacker could easily flood a VM with unused objects.
The text was updated successfully, but these errors were encountered: