CVE-2025-27221 | URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby URI.join/URI#merge/URI#+ improper removal of sensitive information before storage or transfer

Posted by Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby. It has been rated as problematic. Affected by this issue is the function URI.join/URI#merge/URI#+. The manipulation leads to improper removal of sensitive information before storage or transfer.

This vulnerability is handled as CVE-2025-27221. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-27221 | URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby URI.join/URI#merge/URI#+ improper removal of sensitive information before storage or transfer

Related Posts

CVE-2023-29096 | BestWebSoft Contact Form to DB Plugin up to 1.7.0 on WordPress sql injection

CVE-2024-3061 | HUSKY Plugin up to 1.3.5.2 on WordPress file inclusion

CVE-2024-1209 | LearnDash LMS Plugin up to 4.10.1 on WordPress Assignment information disclosure

AMI AptioV BIOS input validation