Описание
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Ссылки
- Third Party Advisory
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
3.2 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...
EPSS
3.2 Low
CVSS3
5.3 Medium
CVSS3