CNNVD-202512-5072 Information
CNNVD ID
CNNVD-202512-5072
Related CVE
-
CNNVD Published: 2025-12-30
Description
URI is an open-source Ruby module that provides classes for handling Uniform Resource Identifiers. URI versions before 0.12.5, before 0.13.3, and before 1.0.4 contain a security vulnerability: when URIs are combined with the + operator, sensitive information from the original URI, such as passwords, may be leaked, which can result in credential disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Ruby
Published
2025-12-30
Last Modified
2026-02-24
References
https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902
https://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c
https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml
https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
Patch
https://github.com/ruby/uri/releases