The error “Psych::DisallowedClass:Tried to load unspecified class: Symbol” is an error that is invoked whenever you are coding in rails and trying to use the hash serializer. Given below is the snippet of the error :
Psych::DisallowedClass:Tried to load unspecified class: SymbolI would like to share with you the steps I took to fix the “Psych::DisallowedClass:Tried to load unspecified class: Symbol” in your project file.
Why “Psych DisallowedClass Tried to load unspecified class Symbol” error is seen?
The error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol” is seen because of a security update in the latest update of Rails, which you can find out more about in the link given here.
Details regarding bug on official Rails site [CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record” are as below:
There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1
The Hash serializer in the previous update loaded data with YAML.unsafe_load, this has now been changed to YAML.safe_load. The new method in the security update does not handle data types such as Symbol or Time by default for security reasons.
The detailed solution to fix the error “Psych::DisallowedClass:Tried to load unspecified class: Symbol”, is given below:
How to fix the error, “Psych DisallowedClass Tried to load unspecified class Symbol”?
To fix the error, you will have to either migrate the serializer to JSON or use only safe data types in the serialization which is either Strings or Numbers.
To fix the error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol”, a working workaround to the above error, as suggested in the announcement made by the official website, you can find its link here; is to either migrate the serializer to JSON or use only safe data types in the serialization that is Strings, Numbers etc.
However, there are two configurable quick workarounds though:
Method 1: Add the code
To fix the error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol”, you will have to run the below mentioned code:
config.active_record.use_yaml_unsafe_loadThe above code is not very recommended as it basically goes back to the old behaviour, that is behaviour before the update
This should fix the error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol”.
Method 2: use the YAML column permitted classes
To fix the error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol”, you will have to run the below mentioned code:
config.active_record.yaml_column_permitted_classes = [Symbol]This above mentioned code allows the serializing of Symbols and other unsupported or unsafe data types which you may want to use in your project.
This should fix the error, “Psych::DisallowedClass:Tried to load unspecified class: Symbol”.
Conclusion
To fix the error “Psych::DisallowedClass:Tried to load unspecified class: Symbol”, you have to either migrate the serializer to JSON or use only safe data types in the serialization which is either Strings or Numbers.