Severity: moderate

Affected versions:

- Apache Commons VFS before 2.10.0

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Commons VFS.

The FtpFileObject class can throw an exception when a file is not found, 
revealing the original URI in its message, which may include a password. The 
fix is to mask the password in the exception message.

This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.

This issue is being tracked as VFS-169 
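
The same masking idea, applied at the point where an application logs exception messages, is shown below. This is an added example, not code from Apache Commons VFS or from its fix; the class name, method names and sample messages are hypothetical and constructed for illustration.

```java
import java.util.regex.Pattern;

// Hypothetical helper for illustration; not part of Apache Commons VFS.
public final class UriCredentialMasker {
    // Matches scheme://user:password@ ; the password part is greedy, so it
    // runs to the last '@' that precedes the first '/', '?', '#' or whitespace.
    private static final Pattern USERINFO = Pattern.compile(
            "([A-Za-z][A-Za-z0-9+.-]*://)([^/?#\\s:@]*):([^/?#\\s]*)@");

    /** Replaces the password of every URI found in free text with "***". */
    static String mask(String text) {
        return text == null ? null : USERINFO.matcher(text).replaceAll("$1$2:***@");
    }

    /** Builds a log-safe one-line summary of an exception and its causes. */
    static String safeMessage(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (Throwable cur = t; cur != null; cur = cur.getCause()) {
            if (sb.length() > 0) sb.append(" <- ");
            sb.append(cur.getClass().getSimpleName()).append(": ")
              .append(mask(cur.getMessage()));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample messages; not the wording Commons VFS uses.
        String[] samples = {
            "Could not read \"ftp://deploy:s3cr3t@ftp.example.test/missing.txt\"",
            "ftp://deploy:p@ss:w0rd@ftp.example.test/a", // '@' and ':' inside the password
            "ftp://anonymous@ftp.example.test/pub",       // user only: nothing to mask
            "ftp://ftp.example.test/pub/readme.txt"       // no userinfo at all
        };
        for (String s : samples) System.out.println(mask(s));

        // The password must not survive when the message is nested as a cause.
        Exception wrapped = new RuntimeException("sync failed",
                new java.io.FileNotFoundException(samples[0]));
        System.out.println(safeMessage(wrapped));
    }
}
```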

Credit:

Marek Šunda (finder)

References:

https://issues.apache.org/jira/browse/VFS-169
https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-30474

