In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
References
Configurations
No configuration.
History
04 Mar 2025, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-04 00:15
Updated : 2025-03-04 00:15
NVD link : CVE-2025-27221
Mitre link : CVE-2025-27221
CVE.ORG link : CVE-2025-27221
JSON object : View
Products Affected
No product.
CWE
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer