Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 1433a5ab7d8e · 2026-04-24T13:44:04.000Z
GHSA-j4pr-3wm6-xx2r GHSA-jg4p-7fhp-p32p
diff --git a/advisories/github-reviewed/2025/12/GHSA-j4pr-3wm6-xx2r/GHSA-j4pr-3wm6-xx2r.json b/advisories/github-reviewed/2025/12/GHSA-j4pr-3wm6-xx2r/GHSA-j4pr-3wm6-xx2r.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j4pr-3wm6-xx2r",
-  "modified": "2025-12-30T21:07:15Z",
+  "modified": "2026-04-24T13:42:05Z",
   "published": "2025-12-30T21:07:14Z",
   "aliases": [
     "CVE-2025-61594"
   ],
   "summary": "URI Credential Leakage Bypass over CVE-2025-27221",
   "details": "### Impact\n\nIn affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.\n\nWhen using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure.\n\nThe vulnerability affects the `uri` gem bundled with the following Ruby series:\n\n* 0.12.4 and earlier (bundled in Ruby 3.2 series)\n* 0.13.2 and earlier (bundled in Ruby 3.3 series)\n* 1.0.3 and earlier (bundled in Ruby 3.4 series)\n\n### Patches\n\nUpgrade to 0.12.5, 0.13.3 or 1.0.4\n\n### References\n\n* https://www.ruby-lang.org/en/news/2025/02/26/security-advisories/\n* https://hackerone.com/reports/2957667",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
@@ -74,6 +78,14 @@
     }
   ],
   "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61594"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902"
@@ -86,6 +98,14 @@
       "type": "WEB",
       "url": "https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a"
     },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/2957667"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/ruby/uri"
@@ -94,18 +114,23 @@
       "type": "WEB",
       "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories"
+    },
     {
       "type": "WEB",
       "url": "https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-200",
       "CWE-212"
     ],
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-30T21:07:14Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-30T21:15:43Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/04/GHSA-jg4p-7fhp-p32p/GHSA-jg4p-7fhp-p32p.json b/advisories/github-reviewed/2026/04/GHSA-jg4p-7fhp-p32p/GHSA-jg4p-7fhp-p32p.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jg4p-7fhp-p32p",
-  "modified": "2026-04-06T23:43:40Z",
+  "modified": "2026-04-24T13:43:15Z",
   "published": "2026-04-04T04:23:03Z",
   "aliases": [
     "CVE-2026-35213"
   ],
   "summary": "@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing",
-  "details": "All versions of `@hapi/content` through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse `Content-Type` and `Content-Disposition` headers contain patterns susceptible to catastrophic backtracking.\n\n### Impact\n\nDenial of Service. An unauthenticated remote attacker can cause a Node.js process to become unresponsive by sending a single HTTP request with a maliciously crafted header value.\n\n### Patches\n\nFixed by tightening all three regular expressions to eliminate backtracking.\n\n### Workarounds\n\nThere are no known workarounds. Upgrade to the patched version.",
+  "details": "All versions of `@hapi/content` through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse `Content-Type` and `Content-Disposition` headers contain patterns susceptible to catastrophic backtracking. This has been fixed in v6.0.1.\n\n### Impact\n\nDenial of Service. An unauthenticated remote attacker can cause a Node.js process to become unresponsive by sending a single HTTP request with a maliciously crafted header value.\n\n### Patches\n\nFixed by tightening all three regular expressions to eliminate backtracking.\n\n### Workarounds\n\nThere are no known workarounds. Upgrade to the patched version.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
