Package details: pkg:gem/uri@0.12.5
purl pkg:gem/uri@0.12.5
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-nw8a-e25n-mbgs
Aliases: CVE-2025-61594, GHSA-j4pr-3wm6-xx2r
Summary: URI Credential Leakage Bypass over CVE-2025-27221

In affected URI versions, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure.

The vulnerability affects the `uri` gem bundled with the following Ruby series:

* 0.12.4 and earlier (bundled in Ruby 3.2 series)
* 0.13.2 and earlier (bundled in Ruby 3.3 series)
* 1.0.3 and earlier (bundled in Ruby 3.4 series)

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-17T00:04:54.191454+00:00 | GitLab Importer | Fixing | VCID-nw8a-e25n-mbgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/uri/CVE-2025-61594.yml | 38.4.0 |
| 2026-04-12T01:28:08.448096+00:00 | GitLab Importer | Fixing | VCID-nw8a-e25n-mbgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/uri/CVE-2025-61594.yml | 38.3.0 |
| 2026-04-03T01:36:53.366197+00:00 | GitLab Importer | Fixing | VCID-nw8a-e25n-mbgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/uri/CVE-2025-61594.yml | 38.1.0 |
| 2026-04-01T16:07:26.674640+00:00 | GHSA Importer | Fixing | VCID-nw8a-e25n-mbgs | https://github.com/advisories/GHSA-j4pr-3wm6-xx2r | 38.0.0 |
| 2026-04-01T12:55:32.535565+00:00 | GithubOSV Importer | Fixing | VCID-nw8a-e25n-mbgs | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-j4pr-3wm6-xx2r/GHSA-j4pr-3wm6-xx2r.json | 38.0.0 |
| 2026-04-01T12:53:34.901073+00:00 | GitLab Importer | Fixing | VCID-nw8a-e25n-mbgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/uri/CVE-2025-61594.yml | 38.0.0 |