There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. This affects `String#underscore`, `ActiveSupport::Inflector.underscore`, `String#titleize`, and any other methods using these. All users running an affected release should either upgrade or use one of the workarounds immediately.Read More
ReDoS based DoS vulnerability in Active Supportâs underscore
