There is a symbol DoS vulnerability in Active Record. When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Have a look at this example:

User.where(:name => { 'foo' => 'bar' })

When you write this small piece of code, the string ‘foo’ […]
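One way to keep a request-supplied hash from ever becoming the find value, shown as an added example that is not code from the original post. The helper name `safe_conditions`, the column allowlist and the sample params are assumptions.

```ruby
# Added example, not from the original post. ALLOWED_COLUMNS,
# safe_conditions and the sample params below are hypothetical.

# Map of accepted parameter names to column symbols. The symbols are
# written in source code, so no symbol is ever created from user input.
ALLOWED_COLUMNS = { 'name' => :name, 'email' => :email }.freeze

class UnsafeConditionError < ArgumentError; end

# Build a conditions hash for a finder from untrusted request params.
# Keys are resolved through the allowlist (never via to_sym) and values
# must be scalars or flat arrays of scalars; a Hash value is rejected.
def safe_conditions(params, allowed = ALLOWED_COLUMNS)
  params.each_with_object({}) do |(key, value), conditions|
    column = allowed[key.to_s]
    next if column.nil? # silently drop columns that are not allowlisted

    case value
    when String, Integer, Float, true, false, nil
      conditions[column] = value
    when Array
      unless value.all? { |v| v.is_a?(String) || v.is_a?(Integer) }
        raise UnsafeConditionError, "non-scalar element for #{column}"
      end
      conditions[column] = value
    else
      raise UnsafeConditionError, "#{value.class} not allowed for #{column}"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: the second request mimics the page's example,
  # where the value for :name arrives as a hash instead of a string.
  p safe_conditions({ 'name' => 'alice', 'role' => 'admin' })
  begin
    safe_conditions({ 'name' => { 'foo' => 'bar' } })
  rescue UnsafeConditionError => e
    puts "rejected: #{e.message}"
  end
end
```

The returned hash is what would be handed to the finder, for example `User.where(safe_conditions(params))`.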

