diff --git a/backport-CVE-2024-35221.patch b/backport-CVE-2024-35221.patch
new file mode 100644
index 0000000000000000000000000000000000000000..386450bdcb2866157b075fdfc07c175a45e40dae
--- /dev/null
+++ b/backport-CVE-2024-35221.patch
@@ -0,0 +1,59 @@
+From 3926ad578c312ddd2ff5221b96ef077b9e24e612 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Thu, 9 Mar 2023 15:42:07 +0900
+Subject: [PATCH] [rubygems/rubygems] Drop to support Psych 3.0 bundled at Ruby
+ 2.5
+Reference:https://github.com/ruby/ruby/commit/3926ad578c312ddd2ff5221b96ef077b9e24e612
+
+---
+ lib/rubygems/safe_yaml.rb | 33 +++++----------------------------
+ 1 file changed, 5 insertions(+), 28 deletions(-)
+
+diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
+index 5a98505..1208d77 100644
+--- a/lib/rubygems/safe_yaml.rb
++++ b/lib/rubygems/safe_yaml.rb
+@@ -23,35 +23,12 @@ module Gem
+       development
+       runtime
+     ].freeze
++    def self.safe_load(input)
++      ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
++    end
+ 
+-    if ::Psych.respond_to? :safe_load
+-      def self.safe_load(input)
+-        if Gem::Version.new(Psych::VERSION) >= Gem::Version.new("3.1.0.pre1")
+-          ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
+-        else
+-          ::Psych.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
+-        end
+-      end
+-
+-      def self.load(input)
+-        if Gem::Version.new(Psych::VERSION) >= Gem::Version.new("3.1.0.pre1")
+-          ::Psych.safe_load(input, permitted_classes: [::Symbol])
+-        else
+-          ::Psych.safe_load(input, [::Symbol])
+-        end
+-      end
+-    else
+-      unless Gem::Deprecate.skip
+-        warn "Psych safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+-      end
+-
+-      def self.safe_load(input, *args)
+-        ::Psych.load input
+-      end
+-
+-      def self.load(input)
+-        ::Psych.load input
+-      end
++    def self.load(input)
++      ::Psych.safe_load(input, permitted_classes: [::Symbol])
+     end
+   end
+ end
+-- 
+2.27.0
+
diff --git a/ruby.spec b/ruby.spec
index 6e44702fafc83f76d25774a76dffd751a35de565..cc062a5095a79a900c5282976d94669586963090 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -33,7 +33,7 @@
 
 Name:      ruby
 Version:   %{ruby_version}
-Release:   140
+Release:   141
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/en/
@@ -91,6 +91,7 @@ Patch6007: backport-CVE-2019-16163.patch
 Patch6015: backport-CVE-2023-36617.patch
 Patch6016: backport-CVE-2024-27281.patch
 Patch6017: backport-CVE-2024-27282.patch
+Patch6018: backport-CVE-2024-35221.patch
 
 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -876,6 +877,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
 
 %changelog
+* Thu May 30 2024 baiguo <baiguo@kylinos.cn> - 3.2.2-141
+- fix CVE-2024-35221
+
 * Mon May 6 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 3.2.2-140
 - fix CVE-2024-27282