2017/10/GHSA-gh2w-j7cx-2664 Active Record contains SQL Injection