CVE-2018-20433: XXE Vulnerability in c3p0 < 0.9.5.3

Description

From GitHub's vulnerability scanner:

CVE-2018-20433 More information

moderate severity

Vulnerable versions: <= 0.9.5.2
Patched version: 0.9.5.3
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

Benjamin Reed May 10, 2019 at 4:12 PM
Edited

This will probably need some manual forward-merges.

Benjamin Reed May 10, 2019 at 3:34 PM

PR: https://github.com/OpenNMS/opennms/pull/2502

Fixed

Details
Assignee
Benjamin Reed
Reporter
Will Keaney
Components
Sprint
None
Fix versions
Meridian-2016.1.21
Meridian-2017.1.17
Meridian-2018.1.8
24.1.0
Affects versions
Meridian-2018.1.7
24.0.0
Priority
Major

PagerDuty

Created May 10, 2019 at 2:46 PM

Updated May 23, 2019 at 8:11 PM

Resolved May 14, 2019 at 2:29 PM

Configure

CVE-2018-20433: XXE Vulnerability in c3p0 < 0.9.5.3

Description

CVE-2018-20433 More information

Acceptance / Success Criteria

Lucidchart Diagrams

Activity

Benjamin Reed May 10, 2019 at 4:12 PMEdited

Benjamin Reed May 10, 2019 at 3:34 PM

DetailsAssigneeBenjamin ReedBenjamin ReedReporterWill KeaneyWill KeaneyComponentsSprintNone+1Fix versionsMeridian-2016.1.21Meridian-2017.1.17Meridian-2018.1.824.1.0Affects versionsMeridian-2018.1.724.0.0PriorityMajor

Details

Assignee

Reporter

Components

Sprint

Fix versions

Affects versions

Priority

PagerDutyPagerDuty Incident

PagerDuty

Benjamin Reed May 10, 2019 at 4:12 PM
Edited

Details
Assignee
Benjamin Reed
Reporter
Will Keaney
Components
Sprint
None
Fix versions
Meridian-2016.1.21
Meridian-2017.1.17
Meridian-2018.1.8
24.1.0
Affects versions
Meridian-2018.1.7
24.0.0
Priority
Major

PagerDuty