USN-8137-1 ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerability

It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials...

CVE-2025-61594 URI Credential Leakage Bypass over CVE-2025-27221

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...