metasploit people seem to be getting stuck trying to get a version that runs against rails 2.x 3.x and different ruby versions. so might be a while before they release :)
however, there are multiple PoCs floating around so it is fairly safe to assume attackers have access to it.
however, there are multiple PoCs floating around so it is fairly safe to assume attackers have access to it.