. It's a fairly involved and convoluted exploit, but
A fix for the issue has already landed in the master branch.
Update to the latest YCM to get the fix. If you installed with Vundle, you can update by running ":BundleUpdate" in Vim.
I'd like to thank Stephen Röttger for finding the issue, creating a working exploit and responsibly disclosing it. Thank you Stephen!