Blog | G5 Cyber Security

Thousands of websites based on Ruby on Rails vulnerable to Cookie Handling flaw

More than 10,000 websites are vulnerable to a flaw in Ruby on Rails's cookie storage mechanism. Kickstarter.com, Paper.li, Simfy, Ask.fm, Audioboo and Warner Bros. are also vulnerable to this flaw. The vulnerability was reported two months ago, but thousands of websites are still running a vulnerable version of Ruby on Rails. Ruby on Rails developers have requested a switch to a different cookie storage system to fix the vulnerability. An attacker could save the encrypted cookie and send it to the server to log in as the victim without reading the contents of the cookie.
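The difference between a session held entirely in the cookie and one held on the server, as an added example that is not Rails' code and not from the original article. It assumes the session is ended by a logout and uses a signed rather than encrypted cookie, since the replay does not depend on reading the contents; all module, class and method names are hypothetical.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

SECRET = SecureRandom.random_bytes(32) # constructed key for the demo

# Cookie-held session: all state is in the cookie, the server keeps none.
module CookieHeldSession
  def self.issue(user)
    body = [JSON.generate('user' => user)].pack('m0') # strict base64
    "#{body}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, body)}"
  end

  # Returns the user name when the MAC verifies, nil otherwise.
  def self.user_for(cookie)
    body, mac = cookie.to_s.split('--', 2)
    return nil unless body && mac
    expected = OpenSSL::HMAC.hexdigest('SHA256', SECRET, body)
    return nil unless mac.bytesize == expected.bytesize
    diff = mac.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero? ? JSON.parse(body.unpack1('m0'))['user'] : nil
  end

  # Ending the session can only ask the browser to forget the cookie.
  def self.logout(_cookie); end
end

# Server-held session: the cookie is a random id, the state stays server-side.
class ServerHeldSession
  def initialize; @store = {}; end

  def issue(user)
    SecureRandom.hex(32).tap { |sid| @store[sid] = user }
  end

  def user_for(cookie); @store[cookie]; end

  def logout(cookie); @store.delete(cookie); end
end

# Present a saved copy of each cookie after the session has been ended.
def replay_after_logout
  saved = CookieHeldSession.issue('alice')
  CookieHeldSession.logout(saved)
  store = ServerHeldSession.new
  sid = store.issue('alice')
  store.logout(sid)
  { cookie_held: CookieHeldSession.user_for(saved), server_held: store.user_for(sid) }
end
```

The cookie-held session still resolves to the user after logout because the server has nothing to delete, while the server-held id resolves to nothing once its record is removed.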

Source: https://thehackernews.com/2013/11/thousands-of-websites-based-on-ruby-on_29.html
