The Ruby on Rails Web framework has a vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps. The maintainers of Ruby on Rails have released new versions that fix the flaw: 3.2.10, 3.1.9 and 3.0.18. The problem lies in the way that dynamic finders in Active Record extract options from method parameters. Carefully crafted requests can use the scope to inject arbitrary SQL.
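A simplified model of the option-extraction behaviour described above, added here as an illustration and not taken from Rails or from the original article. The method names, the `posts` table and the parameter values are constructed assumptions; the `.to_s` coercion shows one caller-side hardening alongside upgrading to a fixed version.

```ruby
# Toy model of a dynamic finder, written for this example (not Rails source).
# It mirrors the behaviour described above: a trailing Hash argument is
# taken as query options rather than as the value to look up.
def toy_find_by_id(*args)
  options = args.last.is_a?(Hash) ? args.pop : {}
  columns = options.fetch(:select, "*") # option text goes into the SQL as-is
  sql = "SELECT #{columns} FROM posts WHERE id = ? LIMIT 1"
  { sql: sql, binds: [args.first] }
end

# Caller-side hardening: coerce the request parameter to a String so it can
# only ever be bound as a value, never interpreted as options.
def hardened_find_by_id(param)
  toy_find_by_id(param.to_s)
end

# Constructed inputs standing in for what a controller receives as a parameter.
SCALAR_PARAM = "42"
HASH_PARAM   = { select: "title" } # benign; shows the structure only

# Runs the three cases and returns the query each one would build.
def demo
  {
    scalar:   toy_find_by_id(SCALAR_PARAM),      # expected use
    hash:     toy_find_by_id(HASH_PARAM),        # Hash rewrites the SQL text
    hardened: hardened_find_by_id(HASH_PARAM),   # Hash is bound as a value
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, q| puts "#{name}: #{q[:sql]} binds=#{q[:binds].inspect}" }
end
```

In the `hash` case the lookup value is lost and the parameter's content lands in the SQL text; in the `hardened` case the SQL text is unchanged and the parameter is only a bound value.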
Source: https://threatpost.com/sql-injection-flaw-haunts-all-ruby-rails-versions-010313/77360/