2017/10/GHSA-r8fh-hq2p-7qhq Active Record contains SQL Injection via improper range quoting