URI Credential Leakage Bypass over CVE-2025-27221
In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.
When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure.
The vulnerability affects the `uri` gem bundled with the following Ruby series:
* 0.12.4 and earlier (bundled in Ruby 3.2 series)
* 0.13.2 and earlier (bundled in Ruby 3.3 series)
* 1.0.3 and earlier (bundled in Ruby 3.4 series)
Improper Removal of Sensitive Information Before Storage or Transfer
description
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
1
cwe_id
937
name
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id
1035
name
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id
200
name
Exposure of Sensitive Information to an Unauthorized Actor
description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.