PT-2026-27256 · Unknown+1 · Active Support+1

Jhawthorn · Published 2026-03-23 · Updated 2026-05-08 · CVE-2026-33169

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Active Support versions prior to 8.1.2.1
Active Support versions prior to 8.0.4.1
Active Support versions prior to 7.2.3.1

Description

The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands delimiters. The interaction between a repeated lookahead group and gsub! can result in quadratic time complexity when processing long digit strings. This can potentially stall Ruby on Rails applications.

Recommendations

Upgrade to Active Support version 8.1.2.1.
Upgrade to Active Support version 8.0.4.1.
Upgrade to Active Support version 7.2.3.1.
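
The quadratic behaviour described above, next to a single-pass alternative, as an added Ruby example that is not Active Support's code or its patch. `LOOKAHEAD_DELIMITER` is an assumed pattern of the shape the description refers to, all method names are hypothetical, and input is assumed to be the ASCII-digit integer part of a number.

```ruby
require "benchmark"

# Assumed pattern (not quoted from the advisory): a digit followed by one or
# more complete three-digit groups and then no further digit.
LOOKAHEAD_DELIMITER = /(\d)(?=(\d\d\d)+(?!\d))/

# Lookahead approach. At each digit the repeated group runs toward the end of
# the string and backtracks when the remainder is not a multiple of three, so
# the work per position grows with the length and the total grows quadratically.
def delimit_with_lookahead(digits, delimiter = ",")
  digits.gsub(LOOKAHEAD_DELIMITER) { "#{$1}#{delimiter}" }
end

# Single-pass approach (hypothetical helper): compute the length of the leading
# group once, then cut the rest into fixed three-digit groups.
def delimit_linear(digits, delimiter = ",")
  raise ArgumentError, "digits only" unless digits.match?(/\A\d+\z/)
  return digits.dup if digits.length <= 3

  head_len = digits.length % 3
  head_len = 3 if head_len.zero?
  groups = [digits[0, head_len]]
  groups.concat(digits[head_len..].scan(/\d{3}/))
  groups.join(delimiter)
end

# Time both approaches on constructed inputs of n repeated digits.
# Returns { n => [lookahead_seconds, linear_seconds] }.
def compare_timings(sizes)
  sizes.to_h do |n|
    sample = "7" * n # constructed sample input
    slow = Benchmark.realtime { delimit_with_lookahead(sample) }
    fast = Benchmark.realtime { delimit_linear(sample) }
    [n, [slow, fast]]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Doubling n should roughly quadruple the lookahead time on affected code.
  compare_timings([2_000, 4_000, 8_000]).each do |n, (slow, fast)|
    puts format("%6d digits  lookahead %.4fs  linear %.4fs", n, slow, fast)
  end
end
```
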

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

BDU:2026-07236
CVE-2026-33169
GHSA-CG4J-Q9V8-6V38

Affected products

Active Support
Red Os