PT-2026-27256 · Unknown+1 · Active Support+1
Jhawthorn · Published 2026-03-23 · Updated 2026-05-08 · CVE-2026-33169
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Active Support versions prior to 8.1.2.1
Active Support versions prior to 8.0.4.1
Active Support versions prior to 7.2.3.1
Description
The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands delimiters. The interaction between a repeated lookahead group and gsub! can result in quadratic time complexity when processing long digit strings. This can potentially stall Ruby on Rails applications.
Recommendations
Upgrade to Active Support version 8.1.2.1.
Upgrade to Active Support version 8.0.4.1.
Upgrade to Active Support version 7.2.3.1.
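
The pattern named in the description, shown as an added example that is not Active Support's code or the upstream patch: a regex of the described shape (constructed here) beside a single-pass delimiter routine and a length guard for request-derived values. The method names, the constant names and the 64-character limit are assumptions made for illustration.

```ruby
# Added illustration; not Active Support source and not the upstream patch.

# Regex of the shape the advisory describes (constructed for this example):
# a lookahead holding a repeated three-digit group, applied with gsub!.
# At every digit the lookahead walks towards the end of the digit run, so
# total work grows with the square of the input length.
LOOKAHEAD_DELIMITER = /(\d)(?=(\d\d\d)+(?!\d))/

def delimit_with_regex(integer_digits, delimiter = ",")
  out = integer_digits.dup
  out.gsub!(LOOKAHEAD_DELIMITER) { "#{$1}#{delimiter}" }
  out
end

# Single-pass alternative: take the short leading group first, then fixed
# groups of three. Each character is visited once.
def delimit_linear(integer_digits, delimiter = ",")
  sign = integer_digits.start_with?("-") ? "-" : ""
  digits = integer_digits.delete_prefix("-")
  raise ArgumentError, "digits only" unless digits.match?(/\A\d+\z/)

  head = digits.length % 3
  groups = []
  groups << digits[0, head] if head > 0
  head.step(digits.length - 1, 3) { |i| groups << digits[i, 3] }
  sign + groups.join(delimiter)
end

# Hypothetical guard for request-derived values on a release that has not
# been upgraded yet: reject oversized digit strings before formatting them.
MAX_FORMATTABLE_DIGITS = 64 # assumed limit; pick one that fits your data

def safe_delimit(value, delimiter = ",")
  text = value.to_s
  if text.length > MAX_FORMATTABLE_DIGITS
    raise ArgumentError, "numeric string too long to format"
  end
  delimit_linear(text, delimiter)
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  %w[0 12 123 1234 -1234567 1000000000].each do |s|
    puts "#{s} -> #{safe_delimit(s)}"
  end
end
```

The guard is a stopgap for code paths that format untrusted numbers; the remedy the advisory gives is the upgrade listed above.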
Exploit
Fix
DoS
Resource Exhaustion
Related Identifiers
Affected Products
Active Support
Red Os