{"id":"CVE-2025-27221","details":"In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) can inadvertently leak authentication credentials, because the userinfo component is retained in the resulting URI even after the host has changed. Per the affected ranges in this record, the fix is also available in the 0.11.3, 0.12.4, and 0.13.2 releases.","aliases":["GHSA-22h5-pq3x-2gf2"],"modified":"2026-04-17T13:29:23.031690315Z","published":"2025-03-04T00:15:31.847Z","related":["ALSA-2025:10217","ALSA-2025:4063","ALSA-2025:4488","ALSA-2025:8131","CGA-5w7v-pfgx-27j2","SUSE-SU-2025:02739-1","SUSE-SU-2025:02739-2","SUSE-SU-2025:4264-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"},{"type":"REPORT","url":"https://hackerone.com/reports/2957667"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/uri","events":[{"introduced":"0"},{"fixed":"c13dfc2164bc4af31085e709ab348fdbd527013f"},{"introduced":"72f22716f86fe6bccf52c167cbb30e1a6e70aaca"},{"fixed":"b079fb331eba7254d13e5e3c7e1853f9b28fc63a"},{"introduced":"b50d37f7a193991c56bda7f94e8dd6fec0bb3f7f"},{"fixed":"cef02d63f5e0d7685631e0ed9324b2801784c871"},{"introduced":"af8d9d6bb1a90da71f64a9c3f8eddd3626d44efb"},{"fixed":"3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.11.3"},{"introduced":"0.12.0"},{"fixed":"0.12.4"},{"introduced":"0.13.0"},{"fixed":"0.13.2"},{"introduced":"1.0.0"},{"fixed":"1.0.3"}]}}],"versions":["v0.10.0","v0.10.1","v0.11.0","v0.11.1","v0.11.2","v0.12.0","v0.12.1","v0.12.2","v0.12.3","v0.13.0","v0.13.1","v1.0.0","v1.0.1","v1.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27221.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}