CVE-2026-33169 in activesupportinfo

Zusammenfassung (Englisch)

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between the repeated lookahead group and `gsub!` can produce quadratic time complexity on long digit strings. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub_M

Reservieren

17.03.2026

Veröffentlichung

24.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
352642	rails activesupport Regular Expression Denial of Service	400	Nicht definiert	Offizieller Fix	CVE-2026-33169

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!