These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o them [nil] turns into [] and that is quite innocent.

generated SQL - `IN (NULL)` compact! did all the job.
2022-11-09 12:12:34 -05:00 · 2012-06-13 17:49:29 +04:00 · 2012-06-13 17:49:29 +04:00 · e995734e7f
commit e995734e7f
parent 56a1bb2f10
1 changed files with 0 additions and 3 deletions
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@ -267,9 +267,6 @@ module ActionDispatch

    # Remove nils from the params hash
    def deep_munge(hash)
-      keys = hash.keys.find_all { |k| hash[k] == [nil] }
-      keys.each { |k| hash[k] = nil }
-
      hash.each_value do |v|
        case v
        when Array