Appears to affect all versions, remote execution of arbitrary commands... https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
http://news.ycombinator.com/item?id=5035023
Exploits are already out
https://gist.github.com/4499206