- CVE-2012-5664 - SQL Injection Vulnerability
- CVE-2013-0155 - Unsafe Query Generation
- CVE-2013-0156 - Multiple vulnerabilities in parameter parsing in Action Pack
- http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
- http://www.insinuator.net/2013/01/rails-yaml/
- http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html
- http://blog.codeclimate.com/blog/2013/01/10/rails-remote-code-execution-vulnerability-explained/
- http://www.mwdesilva.com/posts/68-diving-into-serialization-mischief-in-ruby-land-cve-2013-0156
- https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156
- https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156