[CVE-2025-27221] Security vulnerability: uri

## Security Vulnerability Report

**CVE ID:** CVE-2025-27221

**Severity:** LOW (CVSS 3.2)

**CWE:** CWE-212

**CVSS Vector:** `CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N`

### Description

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

**Published:** 2025-03-04T00:15:31.847

### References

- [NVD - CVE-2025-27221](https://nvd.nist.gov/vuln/detail/CVE-2025-27221)
- [MITRE - CVE-2025-27221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27221)

---
*This issue was automatically created by CVE Analyzer*


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[CVE-2025-27221] Security vulnerability: uri #932

Security Vulnerability Report

Description

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[CVE-2025-27221] Security vulnerability: uri #932

Description

Security Vulnerability Report

Description

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions