CVE-2025-27221 | URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby URI.join/URI#merge/URI#+ improper removal of sensitive information before storage or transfer

Posted by Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby. It has been rated as problematic. Affected by this issue is the function URI.join/URI#merge/URI#+. The manipulation leads to improper removal of sensitive information before storage or transfer.

This vulnerability is handled as CVE-2025-27221. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-27221 | URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby URI.join/URI#merge/URI#+ improper removal of sensitive information before storage or transfer

Related Posts

CVE-2023-6759 | Thecosy IceCMS 2.0.1 Love /WebResource/resource improper enforcement of a single, unique action

CVE-2023-41993 | Oracle Java SE/GraalVM Enterprise Edition JavaFX WebKitGTK unusual condition

CVE-2024-33583 | Siemens SIMATIC RTLS Locating Manager up to 3.0.1.0 Configuration backdoor (ssa-093430)

CVE-2020-12612 | BeyondTrust Privilege Management up to 5.6 on Windows Environment Variable Local Privilege Escalation