Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
Ruby on Rails is prone to an SQL-injection vulnerability.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability is fixed in the following versions:
Ruby on Rails 3.0.14, 3.1.6 and 3.2.6.