uri
RubyGems: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting uri
- CVE-2023-28755 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.10.0.1 | 2023-03-31
vulnerable: 0.10.0
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The f…
- CVE-2023-36617 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.10.0.3 | 2023-06-29
vulnerable: 0.10.0, 0.10.0.1, 0.10.0.2
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.r…
- CVE-2025-27221 | LOW | CVSS 3.2 | EG 3.2 | ✓ Fixed in 0.11.3 | 2025-03-04
vulnerable: 0.10.0 ... 0.11.2 (10 versions)
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
- CVE-2025-61594 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.4 | 2025-12-30
vulnerable: 1.0.0, 1.0.1, 1.0.2, 1.0.3
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when usi…