Mchange C3p0
2 CVEs affecting Mchange C3p0. Latest disclosed: 2019-04-22. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-20433 | Critical | 9.8 | 2018-12-24 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. |
| CVE-2019-5427 | High | 7.5 | 2019-04-22 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion… |