Vulnerabilities > CVE-2025-27221 - Unspecified vulnerability in TAL URL

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tal

NVD

Published: 2025-03-04

Updated: 2025-03-05

Summary

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

Vulnerable Configurations

Part	Description	Count
Application	Tal TAL URL *	1

References

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
https://hackerone.com/reports/2957667