From: KOSAKI Motohiro
Date: 2013-01-31T09:34:26+09:00
Subject: [ruby-core:51767] Re: [ruby-trunk - Bug #7759][Open] Marshal.load is not documented to be dangerous

> Marshal.load is incredibly powerful, and also incredibly dangerous.
>
> Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.
>
> Marshal.load should be documented as dangerous and the documentation should also mention that it should only be used on trusted data.

Makes sense. Can you please consider writing down the explanation?
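
An added illustration of the "only on trusted data" rule quoted above (not part of the original message or of Ruby's documentation): the blob is authenticated with HMAC-SHA256 before `Marshal.load` is reached, so tampered or foreign input is rejected without being deserialized. The module name `SignedMarshal`, its methods and the demo key are hypothetical.

```ruby
require "openssl"

# Hypothetical wrapper (not a Ruby stdlib API): Marshal.load is only reached
# after the blob's HMAC-SHA256 tag verifies under a server-side key.
module SignedMarshal
  TAG_LEN = 32 # bytes in an HMAC-SHA256 tag

  class TamperedError < StandardError; end

  def self.tag(key, payload)
    OpenSSL::HMAC.digest("SHA256", key, payload)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Serialize and prepend the tag.
  def self.dump(key, obj)
    payload = Marshal.dump(obj)
    tag(key, payload) + payload
  end

  # Reject anything that was not produced by a holder of the key.
  def self.load(key, blob)
    blob = blob.to_s.b
    raise TamperedError, "blob too short" if blob.bytesize <= TAG_LEN
    given   = blob.byteslice(0, TAG_LEN)
    payload = blob.byteslice(TAG_LEN, blob.bytesize - TAG_LEN)
    raise TamperedError, "HMAC mismatch" unless secure_equal?(given, tag(key, payload))
    Marshal.load(payload)
  end
end

if __FILE__ == $PROGRAM_NAME
  key  = "k" * 32                          # constructed demo key
  blob = SignedMarshal.dump(key, { "user" => "alice", "roles" => [:reader] })
  p SignedMarshal.load(key, blob)          # round-trips the original hash
  blob.setbyte(blob.bytesize - 1, blob.getbyte(blob.bytesize - 1) ^ 1)
  begin
    SignedMarshal.load(key, blob)
  rescue SignedMarshal::TamperedError => e
    puts "rejected: #{e.message}"
  end
end
```

A valid tag only shows that a key holder produced the bytes; data that users author themselves is better carried in a data-only format such as JSON.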