Apache · Apache Commons VFS · CVE-2025-30474
**Name of the Vulnerable Software and Affected Versions**
Apache Commons VFS versions prior to 2.10.0
**Description**
Apache Commons VFS exposes sensitive information to an unauthorized actor. Specifically, the FtpFileObject class can throw an exception when a file is not found, and the exception message reveals the original URI, which may include a password.
**Recommendations**
If you are running a version prior to 2.10.0, upgrade to version 2.10.0, which fixes the issue by masking the password in the exception message.
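
Until the upgrade is in place, application code can mask URI passwords itself before an exception message is written anywhere. The following is an added example, not code from Apache Commons VFS; the class name `UriPasswordMasker`, the regular expression and the sample messages are constructed for illustration.

```java
import java.io.IOException;
import java.util.regex.Pattern;

// Added example (not Apache Commons VFS code): masks URI passwords in exception text.
public class UriPasswordMasker {
    // Matches scheme://user:password@ where the password runs to the last '@'
    // that appears before a '/', whitespace or a quote character.
    private static final Pattern USERINFO = Pattern.compile(
            "([A-Za-z][A-Za-z0-9+.-]*://[^/\\s:@\"']+):([^/\\s\"']*)@");

    // Replaces the password of every credential-bearing URI in the text with ***.
    static String mask(String text) {
        return text == null ? null : USERINFO.matcher(text).replaceAll("$1:***@");
    }

    // Renders an exception and its causes with every message masked, for safe logging.
    // The depth limit guards against a cyclic cause chain.
    static String describe(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++) {
            if (depth > 0) {
                sb.append(" <- ");
            }
            sb.append(t.getClass().getSimpleName()).append(": ").append(mask(t.getMessage()));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample messages; the library's real exception text differs.
        Exception inner = new IOException(
                "Could not find ftp://alice:S3cr3t@ftp.example.test/reports/missing.csv");
        Exception outer = new RuntimeException(
                "Transfer failed for ftp://alice:p@ss@ftp.example.test/", inner);
        System.out.println(describe(outer));
    }
}
```

Log the string returned by `describe` rather than handing the `Throwable` to the logger, because the logger would print the unmasked message and stack trace.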