Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-10694

CVE-2018-20433: XXE Vulnerability in c3p0 < 0.9.5.3

    XMLWordPrintable

    Details

    • Sprint:
      Horizon 2019 - 19

      Description

      From GitHub's vulnerability scanner:

      CVE-2018-20433 More information

      moderate severity
      Vulnerable versions: <= 0.9.5.2
      Patched version: 0.9.5.3
      c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

        Attachments

          Activity

            People

            Assignee:
            ranger Benjamin Reed
            Reporter:
            wkeaney Will Keaney
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: