There is a vulnerability in versions of Rails prior to 188.8.131.52 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Created rubygem-rails tracking bugs for this issue:
Affects: fedora-all [bug 1852381]
Upstream patch: https://github.com/rails/rails/commit/661da266b94909574426fd1121ef13b800e01b9a
Red Hat Satellite and Red Hat CloudForms do not ship vulnerable versions of RubyGem Rails hence not affected to the flaw.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):