CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
Configurations

Configuration 1

cpe:2.3:a:mchange:c3p0:0.9.5.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2018-12-24 01:29

Updated : 2019-05-29 05:29


NVD link : CVE-2018-20433

Mitre link : CVE-2018-20433

Products Affected
No products.
CWE
CWE-611

Improper Restriction of XML External Entity Reference