[cmpb]

It's not a full-on answer, but it should clear up a little bit about how this vulnerability is possible.

http://www.insinuator.net/2013/01/rails-yaml/