Again, it's Ruby. Unless you do unusual things, there's no type checking beyond duck typing.

We can't tell from just that commit whether that code is definitely exploitable, but they'd have to be doing non-default things to make it not exploitable.