{
  "threat_severity" : "Low",
  "public_date" : "2025-03-03T00:00:00Z",
  "bugzilla" : {
    "description" : "uri: userinfo leakage in URI#join, URI#merge and URI#+",
    "id" : "2349700",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2349700"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-212",
  "details" : [ "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.", "A flaw was found in the Ruby uri gem, where userinfo leakage can occur. The methods URI#join, URI#merge, and URI#+ retain userinfo, such as user:password, even after the host is replaced. When one of these methods is used to derive a URL pointing at a malicious host from a URL that contains secret userinfo, and someone then accesses the resulting URL, an unintended leak of that userinfo can occur." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-05-26T00:00:00Z",
    "advisory" : "RHSA-2025:8131",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "ruby-0:3.3.8-10.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-02T00:00:00Z",
    "advisory" : "RHSA-2025:10217",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.3-8100020250414172630.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-04-23T00:00:00Z",
    "advisory" : "RHSA-2025:4063",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.1-8100020250407112943.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-06T00:00:00Z",
    "advisory" : "RHSA-2025:4488",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby:3.1-9050020250404144903.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-06T00:00:00Z",
    "advisory" : "RHSA-2025:4493",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby:3.3-9050020250415095239.9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "ruby-30",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "ruby-31",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-27221\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27221\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml\nhttps://hackerone.com/reports/2957667" ],
  "name" : "CVE-2025-27221",
  "csaw" : false
}