A cross-site scripting (XSS) vulnerability was found in the ActiveSupport rubygem. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed.
Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.
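The following is an added example, not code from ActiveSupport or from this advisory. It uses a simplified stand-in for an html_safe buffer to show why an in-place byte splice lets untrusted input skip the escaping that appending applies, and two ways to keep the input escaped. All names (ToySafeBuffer, HardenedBuffer, html_escape, render_with_bytesplice, render_with_concat) and the sample input are constructed for illustration.

```ruby
# Simplified model of an html_safe buffer (constructed; not ActiveSupport's code).
ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze

def html_escape(value)
  value.to_s.gsub(/[&<>"']/, ESCAPES)
end

class ToySafeBuffer < String
  def html_safe?; true; end

  # Appending escapes anything that is not already a trusted buffer.
  def <<(value)
    super(value.is_a?(ToySafeBuffer) ? value : html_escape(value))
  end

  # Ruby < 3.2 has no String#bytesplice; this shim keeps the model runnable there.
  unless String.method_defined?(:bytesplice)
    def bytesplice(index, length, str)
      replace(byteslice(0, index) + str + byteslice(index + length, bytesize))
    end
  end
end

# Same buffer with the byte-level mutator routed through the escaping rule.
class HardenedBuffer < ToySafeBuffer
  def bytesplice(*args, value)
    super(*args, value.is_a?(ToySafeBuffer) ? value : html_escape(value))
  end
end

TEMPLATE = "<p>Hello NAME</p>".freeze
# Replaces the NAME placeholder in place (ASCII template, so char index == byte index).
def render_with_bytesplice(buffer_class, name)
  buf = buffer_class.new(TEMPLATE)
  buf.bytesplice(buf.index("NAME"), "NAME".bytesize, name)
  buf
end

# Builds the same markup through the escaping append path instead.
def render_with_concat(name)
  buf = ToySafeBuffer.new("<p>Hello ")
  buf << name
  buf << ToySafeBuffer.new("</p>")
end

[ToySafeBuffer, HardenedBuffer].each do |klass|
  puts render_with_bytesplice(klass, "<script>alert(1)</script>") # constructed input
end
```

In the model, the unhardened buffer still answers true to html_safe? after the splice, so a template layer that trusts that flag would emit the inserted markup unescaped.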