DEBIAN-CVE-2026-33169
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-33169
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-33169.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-33169
- Upstream
- Published
- 2026-03-24T00:16:28.113Z
- Modified
- 2026-03-25T19:46:32.117066Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework.
NumberToDelimitedConverteruses a lookahead-based regular expression withgsub!to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between the repeated lookahead group andgsub!can produce quadratic time complexity on long digit strings. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch. - References
Affected packages
Debian:11 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:6.*
2:6.0.3.7+dfsg-2
2:6.0.3.7+dfsg-2+deb11u1
2:6.0.3.7+dfsg-2+deb11u2
2:6.0.3.7+dfsg-2+deb11u3
2:6.0.3.7+dfsg-2+deb11u4
2:6.0.3.7+dfsg-3
2:6.1.4+dfsg-1
2:6.1.4+dfsg-2
2:6.1.4+dfsg-3
2:6.1.4+dfsg-4
2:6.1.4.1+dfsg-1
2:6.1.4.1+dfsg-2
2:6.1.4.1+dfsg-3
2:6.1.4.1+dfsg-4
2:6.1.4.1+dfsg-5
2:6.1.4.1+dfsg-6
2:6.1.4.1+dfsg-7
2:6.1.4.1+dfsg-8
2:6.1.4.6+dfsg-1
2:6.1.4.6+dfsg-2
2:6.1.4.6+dfsg-3
2:6.1.4.7+dfsg-1
2:6.1.4.7+dfsg-2
2:6.1.6.1+dfsg-1
2:6.1.6.1+dfsg-2
2:6.1.6.1+dfsg-3
2:6.1.6.1+dfsg-4
2:6.1.7+dfsg-1
2:6.1.7+dfsg-2
2:6.1.7+dfsg-3~bpo11+1
2:6.1.7+dfsg-3~bpo11+2
2:6.1.7+dfsg-3
2:6.1.7.3+dfsg-1~bpo11+1
2:6.1.7.3+dfsg-1
2:6.1.7.3+dfsg-2~deb12u1
2:6.1.7.3+dfsg-2
2:6.1.7.3+dfsg-3
2:6.1.7.3+dfsg-4
2:6.1.7.3+dfsg-5
2:6.1.7.3+dfsg-6
2:6.1.7.3+dfsg-7~exp1
2:6.1.7.3+dfsg-7
2:6.1.7.3+dfsg-8
2:6.1.7.3+dfsg-9
2:6.1.7.3+dfsg-10
2:6.1.7.3+dfsg-11
2:6.1.7.3+dfsg-12
2:6.1.7.3+dfsg-13
2:6.1.7.10+dfsg-1~deb12u1
2:6.1.7.10+dfsg-1~deb12u2
2:7.*
2:7.2.2.1+dfsg-1~exp1
2:7.2.2.1+dfsg-1~exp2
2:7.2.2.1+dfsg-1~exp3
2:7.2.2.1+dfsg-1~exp4
2:7.2.2.1+dfsg-1~exp6
2:7.2.2.1+dfsg-1
2:7.2.2.1+dfsg-2
2:7.2.2.1+dfsg-3
2:7.2.2.1+dfsg-4
2:7.2.2.1+dfsg-5
2:7.2.2.1+dfsg-6
2:7.2.2.1+dfsg-7
2:7.2.2.2+dfsg-1
2:7.2.2.2+dfsg-2~deb13u1
2:7.2.2.2+dfsg-2
2:7.2.3+dfsg-1
2:7.2.3+dfsg-2
2:7.2.3+dfsg-3
Debian:12 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:6.*
2:6.1.7.3+dfsg-1
2:6.1.7.3+dfsg-2~deb12u1
2:6.1.7.3+dfsg-2
2:6.1.7.3+dfsg-3
2:6.1.7.3+dfsg-4
2:6.1.7.3+dfsg-5
2:6.1.7.3+dfsg-6
2:6.1.7.3+dfsg-7~exp1
2:6.1.7.3+dfsg-7
2:6.1.7.3+dfsg-8
2:6.1.7.3+dfsg-9
2:6.1.7.3+dfsg-10
2:6.1.7.3+dfsg-11
2:6.1.7.3+dfsg-12
2:6.1.7.3+dfsg-13
2:6.1.7.10+dfsg-1~deb12u1
2:6.1.7.10+dfsg-1~deb12u2
2:7.*
2:7.2.2.1+dfsg-1~exp1
2:7.2.2.1+dfsg-1~exp2
2:7.2.2.1+dfsg-1~exp3
2:7.2.2.1+dfsg-1~exp4
2:7.2.2.1+dfsg-1~exp6
2:7.2.2.1+dfsg-1
2:7.2.2.1+dfsg-2
2:7.2.2.1+dfsg-3
2:7.2.2.1+dfsg-4
2:7.2.2.1+dfsg-5
2:7.2.2.1+dfsg-6
2:7.2.2.1+dfsg-7
2:7.2.2.2+dfsg-1
2:7.2.2.2+dfsg-2~deb13u1
2:7.2.2.2+dfsg-2
2:7.2.3+dfsg-1
2:7.2.3+dfsg-2
2:7.2.3+dfsg-3
Debian:13 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected