## CVE-2026-33169: Medium-Severity Vulnerability Found in Ruby's activesupport-7.1.3.4.gem
A medium-severity vulnerability, CVE-2026-33169, has been detected in a widely used Ruby library, activesupport-7.1.3.4.gem. This library is a core toolkit providing support for multibyte strings, internationalization, time zones, and testing, extracted from the popular Rails framework. The vulnerability was identified within the dependency chain of a project, specifically flagged in the cached gem file at `/home/wss-scanner/.gem/ruby/3.2.0/cache/activesupport-7.1.3.4.gem`.

The vulnerability originates from the library `activesupport-7.1.3.4.gem`, which is a transitive dependency. The dependency hierarchy shows the root library `jemoji-0.13.0.gem` depends on `html-pipeline-2.14.3.gem`, which in turn pulls in the vulnerable version of ActiveSupport. This path was found in the project's `Gemfile.lock` configuration file, indicating the vulnerable code is integrated into the build and present in the latest project commit.
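
To check for the same chain in another project, the following added example (not code from the original report or from any of the gems named) parses a constructed `Gemfile.lock` excerpt and lists every path from a direct dependency to the flagged gem version. The helper names `parse_lockfile`, `paths_to` and `flagged_chains` are hypothetical, and the parser is simplified to the `GEM` and `DEPENDENCIES` sections.

```ruby
# Constructed Gemfile.lock excerpt (sample data, not the affected project's file).
LOCKFILE = <<~LOCK
  GEM
    specs:
      activesupport (7.1.3.4)
      html-pipeline (2.14.3)
        activesupport (>= 2)
      jemoji (0.13.0)
        html-pipeline (~> 2.2)
      rake (13.2.1)
  DEPENDENCIES
    jemoji
    rake
LOCK

# Simplified parser (assumption: only the GEM specs and DEPENDENCIES sections matter).
def parse_lockfile(text)
  versions, roots, section, current = {}, [], nil, nil
  edges = Hash.new { |h, k| h[k] = [] }
  text.each_line(chomp: true) do |line|
    case line
    when /\A\S/ then section = line.strip     # section header such as GEM
    when /\A {4}(\S+) \((.+)\)\z/             # locked gem and its version
      current = $1
      versions[current] = $2 if section == "GEM"
    when /\A {6}(\S+)/                        # dependency of the current gem
      edges[current] << $1 if section == "GEM"
    when /\A {2}([^\s!]+)/                    # direct dependency from the Gemfile
      roots << $1 if section == "DEPENDENCIES"
    end
  end
  [versions, edges, roots]
end

def paths_to(target, edges, roots)            # every chain root -> ... -> target
  walk = lambda do |name, trail|
    trail += [name]
    next [trail] if name == target
    edges[name].reject { |d| trail.include?(d) }.flat_map { |d| walk.call(d, trail) }
  end
  roots.flat_map { |r| walk.call(r, []) }
end

def flagged_chains(text, name, version)
  versions, edges, roots = parse_lockfile(text)
  return [] unless versions[name] == version  # only the exact flagged version counts
  paths_to(name, edges, roots).map { |path| path.map { |g| "#{g} (#{versions[g]})" }.join(" -> ") }
end
puts flagged_chains(LOCKFILE, "activesupport", "7.1.3.4")
```

An empty result means the lockfile does not pin the flagged version; a non-empty result names the direct dependency that has to be updated or overridden to move the transitive gem.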

The presence of this CVE in a foundational support library raises immediate security concerns for any application relying on this specific gem version. While rated as medium severity, its integration into a dependency chain that includes libraries for processing HTML and emoji suggests potential attack vectors related to input handling or data serialization. Projects using this gem version are now under scrutiny and must assess the risk and apply the necessary patch or version update to mitigate the exposure.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Ruby, Vulnerability, Rails, Open Source Security
- **Credibility**: unverified
- **Published**: 2026-04-08 06:27:08
- **ID**: 54433
- **URL**: https://whisperx.ai/en/intel/54433