This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Ruby on Rails team reports :
There is a SQL injection vulnerability in Active Record in ALL
versions. Due to the way dynamic finders in Active Record extract
options from method parameters, a method parameter can mistakenly be
used as a scope. Carefully crafted requests can use the scope to
inject arbitrary SQL.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5