Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-10694

CVE-2018-20433: XXE Vulnerability in c3p0 < 0.9.5.3

    XMLWordPrintable

Details

    • Horizon 2019 - 19

    Description

      From GitHub's vulnerability scanner:

      CVE-2018-20433 More information

      moderate severity
      Vulnerable versions: <= 0.9.5.2
      Patched version: 0.9.5.3
      c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

      Attachments

        Activity

          People

            ranger Benjamin Reed
            wkeaney Will Keaney
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: