A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269.
To mitigate this vulnerability, do not supply untrusted user input and/or untrusted strings to the following method calls or utilize code libraries which do so:
JSON(user_input)
JSON[user_input, nil]
JSON.parse(user_input, nil)
JSON::Parser.new(user_input).parse
Also note that JSON.load() should never be given input from unknown sources.