diff --git a/backport-CVE-2024-41946.patch b/backport-CVE-2024-41946.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8970716a3e8ee82419dd30ea01622f0cc5c806e8
--- /dev/null
+++ b/backport-CVE-2024-41946.patch
@@ -0,0 +1,112 @@
+From 033d1909a8f259d5a7c53681bcaf14f13bcf0368 Mon Sep 17 00:00:00 2001
+From: NAITOH Jun <naitoh@gmail.com>
+Date: Thu, 1 Aug 2024 09:20:31 +0900
+Subject: [PATCH] Add support for XML entity expansion limitation in SAX and
+ pull parsers (#187)
+https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
+
+- Supported `REXML::Security.entity_expansion_limit=` in SAX and pull parsers
+- Supported `REXML::Security.entity_expansion_text_limit=` in SAX and pull parsers
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 19 ++++++-
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb |  4 ++
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb |  4 ++
+ 3 files changed, 26 insertions(+), 1 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 54014e5..c4ddee3 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -154,6 +154,7 @@ module REXML
+         self.stream = source
+         @listeners = []
+         @prefixes = Set.new
++        @entity_expansion_count = 0
+       end
+ 
+       def add_listener( listener )
+@@ -161,6 +162,7 @@ module REXML
+       end
+ 
+       attr_reader :source
++      attr_reader :entity_expansion_count
+ 
+       def stream=( source )
+         @source = SourceFactory.create_from( source )
+@@ -513,7 +515,9 @@ module REXML
+       def entity( reference, entities )
+         value = nil
+         value = entities[ reference ] if entities
+-        if not value
++        if value
++          record_entity_expansion
++        else
+           value = DEFAULT_ENTITIES[ reference ]
+           value = value[2] if value
+         end
+@@ -552,12 +556,17 @@ module REXML
+         }
+         matches.collect!{|x|x[0]}.compact!
+         if matches.size > 0
++          sum = 0
+           matches.each do |entity_reference|
+             unless filter and filter.include?(entity_reference)
+               entity_value = entity( entity_reference, entities )
+               if entity_value
+                 re = Private::DEFAULT_ENTITIES_PATTERNS[entity_reference] || /&#{entity_reference};/
+                 rv.gsub!( re, entity_value )
++                sum += rv.bytesize
++                if sum > Security.entity_expansion_text_limit
++                  raise "entity expansion has grown too large"
++                end
+               else
+                 er = DEFAULT_ENTITIES[entity_reference]
+                 rv.gsub!( er[0], er[2] ) if er
+@@ -570,6 +579,14 @@ module REXML
+       end
+ 
+       private
++
++      def record_entity_expansion
++        @entity_expansion_count += 1
++        if @entity_expansion_count > Security.entity_expansion_limit
++          raise "number of entity expansions exceeded, processing aborted."
++        end
++      end
++
+       def need_source_encoding_update?(xml_declaration_encoding)
+         return false if xml_declaration_encoding.nil?
+         return false if /\AUTF-16\z/i =~ xml_declaration_encoding
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb
+index f8b232a..36b4595 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/pullparser.rb
+@@ -47,6 +47,10 @@ module REXML
+         @listeners << listener
+       end
+ 
++      def entity_expansion_count
++        @parser.entity_expansion_count
++      end
++
+       def each
+         while has_next?
+           yield self.pull
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
+index 36f98c2..cec9d2f 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
+@@ -22,6 +22,10 @@ module REXML
+         @parser.source
+       end
+ 
++      def entity_expansion_count
++        @parser.entity_expansion_count
++      end
++
+       def add_listener( listener )
+         @parser.add_listener( listener )
+       end
+-- 
+2.20.1
+
diff --git a/ruby.spec b/ruby.spec
index 9206614ba3de549d20ffdf350b3ead345e4e6df6..8921d6912ad00ec9398cbaeb2940120ac0c25611 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -33,7 +33,7 @@
 
 Name:      ruby
 Version:   %{ruby_version}
-Release:   136
+Release:   137
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/en/
@@ -201,6 +201,7 @@ Patch6029: backport-0003-CVE-2024-35221.patch
 Patch6030: backport-0004-CVE-2024-35221.patch
 Patch6031: backport-0005-CVE-2024-35221.patch
 Patch6032: upgrade-lib-rexml-to-3.3.1.patch
+Patch6033: backport-CVE-2024-41946.patch
 
 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -1199,6 +1200,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/testbed
 
 %changelog
+* Fri Aug 09 2024 zhangxianting <zhangxianting@uniontech.com> - 3.0.3-137
+- fix CVE-2024-41946
+
 * Sat Jul 06 2024 shixuantong <shixuantong1@huawei.com> - 3.0.3-136
 - upgrade rexml to fix CVE-2024-36176