Ruby-lang

Uri

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.02%
  • Published 30.12.2025 21:15:43
  • Last modified 24.02.2026 14:57:18

URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sen...

  • EPSS 0.04%
  • Published 04.03.2025 00:15:31
  • Last modified 03.11.2025 22:18:43

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

  • EPSS 0.98%
  • Published 29.06.2023 13:15:09
  • Last modified 04.11.2025 18:15:40

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc39...

  • EPSS 0.32%
  • Published 31.03.2023 04:15:09
  • Last modified 04.11.2025 18:15:40

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versio...