MchangeCVEs & Vulnerabilities
2 CVEs affecting Mchange products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
c3p0 2
CVE-2019-5427HIGH
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
23 Apr 2019
7.5
CVSS
CVE-2018-20433CRITICAL
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
24 Dec 2018
9.8
CVSS
← PrevPage 1 / 1Next →