Low severity · NVD Advisory · Published Mar 3, 2025 · Updated Nov 3, 2025

CVE-2025-27221

Description

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) can inadvertently leak authentication credentials because userinfo is retained even after the host is changed.
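The following is an added example, not code from the advisory or the URI project: it checks a version string against the affected ranges listed on this page, probes whether the running `URI.join` keeps userinfo across a host change, and wraps the join so base credentials never follow a reference that names its own host. The helper names, hostnames and credentials are constructed for illustration.

```ruby
require "uri"
require "rubygems" # Gem::Version / Gem::Requirement for range checks

# Affected ranges copied from this advisory's "Affected packages" table.
AFFECTED_RANGES = [
  ["< 0.11.3"],
  [">= 0.12.0", "< 0.12.4"],
  [">= 0.13.0", "< 0.13.2"],
  [">= 1.0.0", "< 1.0.3"],
].map { |range| Gem::Requirement.new(*range) }

# True when the given uri gem version falls inside an affected range.
def affected_uri_version?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Behavioural self-check (hypothetical helper): does this runtime's URI.join
# carry the base's userinfo over to a different host? Inputs are constructed.
def runtime_carries_userinfo?
  joined = URI.join("http://user:secret@a.example/", "//b.example/x")
  !joined.userinfo.nil?
end

# Join that drops the base's credentials whenever the reference names its
# own host without supplying userinfo, whatever uri gem version is installed.
def join_dropping_foreign_userinfo(base, ref)
  rel = URI.parse(ref.to_s)
  joined = URI.join(base.to_s, ref.to_s)
  if rel.host && rel.userinfo.nil? && joined.userinfo
    joined = joined.dup
    joined.password = nil # clear the password first; it depends on the user
    joined.user = nil
  end
  joined
end

if $PROGRAM_NAME == __FILE__
  puts "uri gem version: #{URI::VERSION}" if defined?(URI::VERSION)
  puts "runtime carries userinfo across hosts: #{runtime_carries_userinfo?}"
  puts join_dropping_foreign_userinfo("http://user:secret@a.example/app/", "//b.example/x")
end
```

On a patched gem the wrapper is a no-op; on an affected one it gives the same result as the fixed versions for these inputs.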

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| uri (RubyGems) | < 0.11.3 | 0.11.3 |
| uri (RubyGems) | >= 0.12.0, < 0.12.4 | 0.12.4 |
| uri (RubyGems) | >= 0.13.0, < 0.13.2 | 0.13.2 |
| uri (RubyGems) | >= 1.0.0, < 1.0.3 | 1.0.3 |

Affected products

115
