CVE-2018-20433

Опубликовано: 24 дек. 2018

Источник: debian

Описание

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Пакет	Статус	Версия исправления	Релиз	Тип
c3p0	fixed	0.9.1.2-10		package
c3p0	fixed	0.9.1.2-9+deb9u1	stretch	package

https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1

CVE-2018-20433

CVSS3: 9.8

ubuntu

около 7 лет назад

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

CVE-2018-20433

CVSS3: 7.3

redhat

около 7 лет назад

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

CVE-2018-20433

CVSS3: 9.8

nvd

около 7 лет назад

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

GHSA-q485-j897-qc27

CVSS3: 9.8

github

около 7 лет назад

XML External Entity Reference in mchange:c3p0