Objects in Ruby may be serialized to strings. The main method for doing so is the built-in Marshal class. The CSV libraries also have methods for dumping Ruby objects into strings, and then creating objects from those strings.

Brakeman warns when loading user input with

JSON is covered by the checks for CVE-2013-0333
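The point above is that Marshal reconstructs whatever class the stream names, so application code runs during the load before the caller can inspect anything. The following added example (not from Brakeman or its documentation) shows this with a hypothetical `AuditRecord` class whose `marshal_load` hook records that it was invoked, next to a hardened loader that parses JSON into primitives and validates the shape itself. The class name, method names and the sample blob are all constructed for this illustration.

```ruby
require 'json'

# Hypothetical class, constructed for this example. Ruby allocates an
# instance and calls marshal_load on it while Marshal.load rebuilds the
# stream, so any class loadable in the process becomes an entry point
# for data the attacker controls.
class AuditRecord
  @@loads = 0
  attr_reader :note

  def initialize(note)
    @note = note
  end

  def marshal_dump
    [@note]
  end

  def marshal_load(data)
    @@loads += 1 # side effect: proves application code ran during the load
    @note = data[0]
  end

  def self.loads
    @@loads
  end
end

# Vulnerable pattern: deserializing data of remote origin with Marshal.
# The caller gets back whatever object the stream described.
def load_session_unsafe(blob)
  Marshal.load(blob)
end

# Hardened pattern: a format that only yields primitives (JSON.parse
# without create_additions), followed by explicit validation of the
# shape and the types the application actually expects.
def load_session_safe(text)
  data = JSON.parse(text) # yields Hash/Array/String/Integer/etc., never app classes
  raise ArgumentError, 'expected a JSON object' unless data.is_a?(Hash)
  user_id = data['user_id']
  raise ArgumentError, 'user_id must be an Integer' unless user_id.is_a?(Integer)
  { 'user_id' => user_id }
end

# Convenience predicate so callers can treat validation failure as a boolean.
def session_text_ok?(text)
  load_session_safe(text)
  true
rescue JSON::ParserError, ArgumentError
  false
end

# Constructed input: a Marshal stream carrying a non-primitive object, the
# kind of value a "session" or "cache" parameter of untrusted origin could hold.
TAINTED_BLOB = Marshal.dump(AuditRecord.new('untrusted'))

if __FILE__ == $PROGRAM_NAME
  obj = load_session_unsafe(TAINTED_BLOB)
  puts "Marshal.load returned #{obj.class}; marshal_load ran #{AuditRecord.loads} time(s)"
  puts "JSON path: #{load_session_safe('{"user_id": 42}').inspect}"
  puts "JSON path rejects wrong type: #{!session_text_ok?('{"user_id": "42"}')}"
end
```

In a Rails application the safe loader is the shape Brakeman is looking for: the untrusted value goes through a parser that cannot name classes, and the application decides which keys and types it accepts rather than trusting the stream to describe itself.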