Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Ruby on Rails Uncontrolled Resource Consumption Vulnerability - CVE-2026-33169 - Vulnerability Database
Ruby on Rails

Ruby on Rails Uncontrolled Resource Consumption Vulnerability - CVE-2026-33169

Medium
Reference: CVE-2026-33169
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-33169
Title: Ruby on Rails Uncontrolled Resource Consumption Vulnerability
Overview:

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub to insert thousands delimiters. Prior to versions 8.1.2.1 8.0.4.1 and 7.2.3.1 the interaction between the repeated lookahead group and gsub can produce quadratic time complexity on long digit strings. Versions 8.1.2.1 8.0.4.1 and 7.2.3.1 contain a patch.