From 2d0b054e3587691604b815e076f97dfc08ebdf1a Mon Sep 17 00:00:00 2001
From: Dev
Date: Wed, 29 May 2024 07:50:50 -0700
Subject: [PATCH] Fixed the vulnerability issue

---
 lib/money/bank/variable_exchange.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/money/bank/variable_exchange.rb b/lib/money/bank/variable_exchange.rb
index 1a7dbe4b83..1ac7d8b17b 100644
--- a/lib/money/bank/variable_exchange.rb
+++ b/lib/money/bank/variable_exchange.rb
@@ -265,6 +265,10 @@ def import_rates(format, s, opts = {})
           warn '[WARNING] Using :ruby format when importing rates is potentially unsafe and ' \
             'might lead to remote code execution via Marshal.load deserializer. Consider using ' \
             'safe alternatives such as :json and :yaml.'
+        elsif format == :yaml
+          warn '[WARNING] Using :yaml format when importing rates is potentially unsafe and ' \
+            'might lead to remote code execution via Marshal.load deserializer. Consider using ' \
+            'safe alternatives such as :json and :ruby.'
         end
 
         store.transaction do
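Review bot: The added :yaml warning text is inaccurate and self-contradictory: it blames `Marshal.load`, which is the :ruby serializer, and it recommends :ruby as a safe alternative while the branch directly above warns that :ruby is unsafe for exactly that reason; the :ruby branch likewise still names :yaml as safe, so the two messages now disagree. If the concern is that the YAML serializer (defined outside this hunk) uses a full `YAML.load`, the message should say so and point only at :json: `warn '[WARNING] Using :yaml format when importing rates is potentially unsafe and ' \ 'might lead to remote code execution via YAML.load deserializer. Consider using ' \ 'the :json format instead.'`, with the :ruby branch's last line changed to `'the :json format instead.'` as well. A warning alone leaves the deserialization behavior unchanged; the durable mitigation is to load YAML rates with `YAML.safe_load` in the serializer table, which lies outside this hunk. import_rates begins and ends outside the hunk.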