diff --git a/CVE-2023-22796.patch b/CVE-2023-22796.patch
new file mode 100644
index 0000000000000000000000000000000000000000..314bc13236cd5b0a15e29e8e031e69234ec2577a
--- /dev/null
+++ b/CVE-2023-22796.patch
@@ -0,0 +1,26 @@
+From 2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8 Mon Sep 17 00:00:00 2001
+From: John Hawthorn <john@hawthorn.email>
+Date: Wed, 11 Jan 2023 10:14:55 -0800
+Subject: [PATCH] Avoid regex backtracking in Inflector.underscore
+
+[CVE-2023-22796]
+---
+ activesupport/lib/active_support/inflector/methods.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/activesupport/lib/active_support/inflector/methods.rb b/activesupport/lib/active_support/inflector/methods.rb
+index 68a00d73f2..43abb9c4e1 100644
+--- a/activesupport/lib/active_support/inflector/methods.rb
++++ b/activesupport/lib/active_support/inflector/methods.rb
+@@ -97,7 +97,7 @@ def underscore(camel_cased_word)
+       return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word)
+       word = camel_cased_word.to_s.gsub("::", "/")
+       word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
+-      word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
++      word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
+       word.tr!("-", "_")
+       word.downcase!
+       word
+-- 
+2.35.1
+
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index d1da8409be6c991d5713072b1065c4a8a1cc2de8..409982d125dc6c2256285bdd93366ab02c9c3903 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
@@ -2,7 +2,7 @@
 Name:                rubygem-%{gem_name}
 Epoch:               1
 Version:             7.0.4
-Release:             1
+Release:             2
 Summary:             A support libraries and Ruby core extensions extracted from the Rails framework
 License:             MIT
 URL:                 http://rubyonrails.org
@@ -23,6 +23,7 @@ Patch1: rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_calle
 Patch2: rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with-test.patch
 # https://github.com/rails/rails/pull/45370
 Patch3: rubygem-activesupport-7.0.2.3-Fix-tests-for-minitest-5.16.patch
+Patch4: CVE-2023-22796.patch
 
 Requires:            rubygem(bigdecimal) rubygem(json)
 BuildRequires:       ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder)
@@ -46,6 +47,7 @@ Documentation for %{name}.
 %setup -q -n %{gem_name}-%{version} -b1 -b2
 %patch1 -p2
 %patch3 -p2
+%patch4 -p2
 
 pushd %{_builddir}
 %patch2 -p2
@@ -95,6 +97,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 
 %changelog
+* Tue Feb 21 2023 wushaozheng <wushaozheng@ncti-gba.cn> - 1:7.0.4-2
+- fix CVE-2023-22796 
+
 * Thu Jan 19 2023 yanxiaobing <yanxiaobing@huawei.com> - 1:7.0.4-1
 - Upgrade to version 7.0.4