UBUNTU-CVE-2026-33169
- Source
- https://ubuntu.com/security/CVE-2026-33169
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33169.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-33169
- Upstream
- Published
- 2026-03-24T00:16:00Z
- Modified
- 2026-03-27T17:20:10.380861Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework.
NumberToDelimitedConverteruses a lookahead-based regular expression withgsub!to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between the repeated lookahead group andgsub!can produce quadratic time complexity on long digit strings. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch. - References
-
- https://ubuntu.com/security/CVE-2026-33169
- https://www.cve.org/CVERecord?id=CVE-2026-33169
- https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11
- https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974
- https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49
- https://github.com/rails/rails/releases/tag/v7.2.3.1
- https://github.com/rails/rails/releases/tag/v8.0.4.1
- https://github.com/rails/rails/releases/tag/v8.1.2.1
- https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38
Affected packages
Ubuntu:24.04:LTS
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:6.1.7.3+dfsg-3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actioncable",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actionmailbox",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actiontext",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-activestorage",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:6.1.7.3+dfsg-3"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:6.1.7.3+dfsg-3"
}
]
}Ubuntu:25.10
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:7.2.2.1+dfsg-7?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actioncable",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actionmailbox",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actiontext",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-activestorage",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:7.2.2.1+dfsg-7"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:7.2.2.1+dfsg-7"
}
]
}Ubuntu:Pro:16.04:LTS
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:4.2.6-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:4.*
2:4.1.10-1
2:4.2.5-1
2:4.2.5.1-1
2:4.2.5.2-2
2:4.2.6-1
2:4.2.6-1ubuntu0.1~esm1
2:4.2.6-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:4.2.6-1ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:18.04:LTS
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:4.2.10-0ubuntu4+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:4.*
2:4.2.9-2
2:4.2.9-4
2:4.2.10-0ubuntu4
2:4.2.10-0ubuntu4+esm1
2:4.2.10-0ubuntu4+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:4.2.10-0ubuntu4+esm2"
}
]
}Ubuntu:Pro:20.04:LTS
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:5.2.3+dfsg-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-actioncable",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-activestorage",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:5.2.3+dfsg-3ubuntu0.1~esm1"
}
]
}Ubuntu:Pro:22.04:LTS
rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:6.1.4.1+dfsg-8ubuntu2+esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "rails",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actioncable",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actionmailbox",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actionmailer",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actionpack",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actiontext",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-actionview",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-activejob",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-activemodel",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-activerecord",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-activestorage",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-activesupport",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-rails",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
},
{
"binary_name": "ruby-railties",
"binary_version": "2:6.1.4.1+dfsg-8ubuntu2+esm1"
}
]
}