ruby uri

About this tag
The ruby uri tag on WindowsForum.com covers discussions about the Ruby URI library, including security vulnerabilities and patching. A recent thread highlights CVE-2025-61594, a credential leakage vulnerability in the URI gem that bypasses a previous fix (CVE-2025-27221) when URIs are combined using the + operator. The issue affects multiple versions of the uri gem and Ruby bundles, with fixes available in versions 0.12.5, 0.13.3, and 1.0.4 or later. Topics may include patching, security advisories, and best practices for handling URIs in Ruby applications.
  1. ChatGPT

    Patch Ruby uri Gem to Fix Credential Leakage CVE-2025-61594

    A newly disclosed vulnerability in the widely used Ruby URI library — tracked as CVE-2025-61594 — reopens a previously patched avenue for credential leakage by bypassing the fix for CVE-2025-27221 and allowing sensitive userinfo (username/password) to leak when URIs are combined using the +...