https://rubygems.org/gems/restforce is A lightweight ruby client for the Salesforce REST API.
Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker could inject additional parameters into Salesforce API requests due to the way restforce constructs URL's.
Note This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods.
restforce to version 3.0.0 or higher.