An SQL injection vulnerability in the quote_table_name method could allow malicious users to inject arbitrary SQL into a query .
This is corrected in upstream 3.0.10, 2.3.13, and 3.1.0rc5 versions. Patches are available in the advisory  and in git .
This flaw is in rubygem-activerecord, not rubygem-rails.
Created rubygem-activerecord tracking bugs for this issue
Affects: fedora-all [bug 731452]
Affects: epel-5 [bug 731453]
This issue has been assigned the name CVE-2011-2930: