Fixed vulnerability issue

Dev · Dev · commit 1cabc66e1b0e · 2024-05-22T11:31:01.000-07:00
diff --git a/lib/money/bank/variable_exchange.rb b/lib/money/bank/variable_exchange.rb
@@ -258,26 +258,6 @@ def rates
       #
       #   bank.get_rate("USD", "CAD") #=> 1.24515
       #   bank.get_rate("CAD", "USD") #=> 0.803115
-      def import_rates(format, s, opts = {})
-        raise Money::Bank::UnknownRateFormat unless RATE_FORMATS.include?(format)
-
-        if format == :ruby
-          warn '[WARNING] Using :ruby format when importing rates is potentially unsafe and ' \
-            'might lead to remote code execution via Marshal.load deserializer. Consider using ' \
-            'safe alternatives such as :json and :yaml.'
-        end
-
-        store.transaction do
-          data = FORMAT_SERIALIZERS[format].load(s)
-
-          data.each do |key, rate|
-            from, to = key.split(SERIALIZER_SEPARATOR)
-            store.add_rate from, to, rate
-          end
-        end
-
-        self
-      end
     end
   end
 end
