VYPR

Maven package

com.mchange/c3p0

pkg:maven/com.mchange/c3p0

Vulnerabilities (3)

  • CVE-2026-27830HigFeb 26, 2026
    affected < 0.12.0fixed 0.12.0

    c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre

  • CVE-2019-5427Apr 22, 2019
    affected < 0.9.5.4fixed 0.9.5.4

    c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

  • CVE-2018-20433Dec 24, 2018
    affected < 0.9.5.3fixed 0.9.5.3

    c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.