{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:36:40.186","vulnerabilities":[{"cve":{"id":"CVE-2025-27221","sourceIdentifier":"cve@mitre.org","published":"2025-03-04T00:15:31.847","lastModified":"2025-11-03T22:18:43.737","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."},{"lang":"es","value":"En la gema URI anterior a 1.0.3 para Ruby, los métodos de gestión de URI (URI.join, URI#merge, URI#+) tienen una fuga involuntaria de credenciales de autenticación porque la información del usuario se conserva incluso después de cambiar el host."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-212"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"0.11.3","matchCriteriaId":"DBED576B-ECD4-416D-93B7-4ACE5C950A6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*","versionStartIncluding":"0.12.0","versionEndExcluding":"0.12.4","matchCriteriaId":"201EB534-4240-4158-ACB0-C5179813CF59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*","versionStartIncluding":"0.13.0","versionEndExcluding":"0.13.2","matchCriteriaId":"8FB07CCD-3D32-4A0D-B614-D8A30625212E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.3","matchCriteriaId":"34E4B8C4-02CC-45DB-A2AC-E206E511CBDE"}]}]}],"references":[{"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/2957667","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}