docs/warning_types/CVE-2010-3933/index.markdown
Rails 2.3.9 and 3.0.0 are vulnerable to an attack on nested attributes wherein a malicious user could alter data in any record in the system.
It is recommended to upgrade to at least 2.3.10 or 3.0.1.
For more details see [CVE-2011-0446](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f9f913d328dafe0c).