Astra Linux - уязвимость в ruby2.5

URI is a module that provides classes for handling Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled with Ruby 3.2 series, 0.13.2 and earlier bundled with Ruby 3.3 series, 1.0.3 and earlier bundled with Ruby 3.4 series, when using the + operator to combine URIs, sensitive...

ALPINE-CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

CVE-2025-61594

The CVE concerns the URI Ruby module. In versions ≤0.12.4 (Ruby 3.2), ≤0.13.2 (Ruby 3.3), and ≤1.0.3 (Ruby 3.4), using the + operator to join URIs could leak passwords from the original URI, bypassing a prior fix for CVE-2025-27221 and exposing credentials. Mitigations are available in fixed rele...

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 - CVE-2025-24294: Fixed denial...

SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02739-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02739-2 advisory. - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo...

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

...