8 matches found
Important: apache-commons-vfs
Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...
Important: apache-commons-vfs
Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...
OESA-2025-1356 apache-commons-vfs security update
Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...
apache-commons-vfs2-2.10.0-1.1 on GA media (moderate)
apache-commons-vfs2-2.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14929-1 Rating: moderate Cross-References: CVE-2025-27553 CVE-2025-30474 CVSS scores: CVE-2025-27553 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2025-30474 SUSE : 7.5...
CVE-2025-30474
creationtimestamp| type| source ---|---|--- 2025-03-23 16:50:30+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ll2p6jo5fy2j 2025-03-23 18:09:20+00:00| seen| https://t.me/cvedetector/20901 2025-03-23 18:14:26+00:00| seen|...
au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +875 more potentially affected by CVE-2025-30474 via org.apache.commons:commons-vfs2 (>=2.0 <=2.1)
org.apache.commons:commons-vfs2 MAVEN version =2.0, =0.0.4, =1.0.0, =1.0.0, =3.6.1, =3.11.0, =1.0-alpha-1, =1.0-alpha-1, =0.5, =0.5.1 and more Source cves: CVE-2025-30474 Source advisory: OSV:GHSA-3936-3GX6-49C4...
CVE-2025-30474 Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...
CVE-2025-30474
CVE-2025-30474 is corroborated by IBM Content Collector for SAP security bulletin: exposure of sensitive information via error messages in Apache Commons VFS (FtpFileObject may reveal the original URI, potentially containing a password). Impact is limited to affected versions (Apache Commons VFS ...