
Check out the lengthy write-up for the original vulnerability. http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html


Thanks for the link, but it looks like that's for CVE-2013-0156 and CVE-2013-0155. This HN post is about CVE-2013-0333. It does look like there's a newer blog post about this issue though: http://ronin-ruby.github.com/blog/2013/01/28/new-rails-poc.h...


Took a while to write a new blog post. Still, CVE-2013-0333 relies on the same YAML deserialization technique as CVE-2013-0156, so all the previous information is still relevant.



