REXML, the XML library uses by many ruby apps, including rails, has a vulnerability that requires an immediate patch on whatever rails version you're using.

Details and instructions on the official rails weblog, here.

But basically, this is what you need to do:

gem install rexml-expansion-fix

Then, require rexml-expansion-fix in your rails's app environment.rb file.