CVE-2018-20433

CRITICAL9.8EPSS 2.4%

c3p0 - security update

Published: 1/7/2019Modified: 4/28/2026

Also known as:DEBIAN-CVE-2018-20433

Description

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H