Details
-
Bug
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
-
Meridian-2018.1.7, 24.0.0
-
Security Level: Default (Default Security Scheme)
-
None
-
Horizon 2019 - 19
Description
From GitHub's vulnerability scanner:
CVE-2018-20433 More information
moderate severity
Vulnerable versions: <= 0.9.5.2
Patched version: 0.9.5.3
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.