vulnerability

Ubuntu: (CVE-2018-20433): c3p0 vulnerability

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 24, 2018
Added
Nov 19, 2024
Modified
Aug 19, 2025

Description

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Solution

ubuntu-upgrade-c3p0

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today