CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Configurations

No configuration.

History

04 Mar 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-04 00:15

Updated : 2025-03-04 00:15


NVD link : CVE-2025-27221

Mitre link : CVE-2025-27221

CVE.ORG link : CVE-2025-27221


JSON object : View

Products Affected

No product.

CWE
CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer