Vulnerabilities

CVE-2025-27221

by Fred · 04/03/2025

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

More information : https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml

Similar

Tags: Cybersecurity Alert