marginalia is a gem that Attach comments to your ActiveRecord queries.
Affected versions of this package are vulnerable to SQL injection
Marginalia::Comment. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance
a parameter or a header.
marginalia to version 1.6.0 or higher.