Unprotected mass assignment
Invite.find_by(:invited_by => current_user, :id => params[:id]).topic_invites.create!(:topic_id => Topic.find_by(:id => params[:topic_id]).id)
Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.
Solution: fix the issue in app/controllers/invites_controller.rb or mark it as false positive.