Ruby on Rails Vulnerability

On January 8th, Aaron Patterson announced CVE-2013-0156, multiple vulnerabilities in parameter parsing in Action Pack allowing attackers to:
Bypass Authentication systems
Inject Arbitrary SQL
Perform a Denial of Service (DoS)
Execute arbitrary code

That means that anyone running Ruby on Rails is advised to update to the latest version, as not doing so could lead to a compromise.

More information:
http://weblog.rubyonrails.org/
http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html