| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-5427 | 5.0 |
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
|
22-04-2022 - 19:28 | 22-04-2019 - 21:29 | |
| CVE-2018-20433 | 7.5 |
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
|
29-05-2019 - 05:29 | 24-12-2018 - 13:29 |