Gentoo Linux Security Advisory 200912-2 - Multiple vulnerabilities have been discovered in Rails, the worst of which leads to the execution of arbitrary SQL statements. Versions less than 2.2.2 are affected.
16d8e364cfb92aed20ead8b90f7ddfb138996017dcb068bdfb6e381ed4b6eee8
Gentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.
56267a11d2e0430390325feac70669ed4b084a3bbfe8e068dc20a304ea8ef191