VYPR
Critical severityNVD Advisory· Published Dec 24, 2018· Updated Aug 5, 2024

CVE-2018-20433

CVE-2018-20433

Description

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.mchange:c3p0Maven
< 0.9.5.30.9.5.3

Affected products

45

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.