Ruby on Rails is an open source Web application framework built for use with the Ruby programming language. The mass assignment vulnerability is the Ruby equivalent of SQL injection. A successful exploit can allow attackers to take over a website, or steal valuable data from the underlying databases. The issue affects any server where the XML parser is active, which it is by default. A possible workaround is to disable the XML parsing, but if your applications need to process XML input you’re going to have a problem. New versions of Ruby are available which patch these vulnerabilities.
Source: https://www.csoonline.com/article/2132770/update-ruby-now-before-it-goes-off-the-rails.html

