Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-10694

CVE-2018-20433: XXE Vulnerability in c3p0 < 0.9.5.3

    XMLWordPrintable

    Details

    • Sprint:
      Horizon 2019 - 19

      Description

      From GitHub's vulnerability scanner:

      CVE-2018-20433 More information

      moderate severity
      Vulnerable versions: <= 0.9.5.2
      Patched version: 0.9.5.3
      c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

        Attachments

          Activity

            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              wkeaney Will Keaney
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: