A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
auto_link