rpm package
opensuse/c3p0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/c3p0&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27727 | — | | | < 0.12.0-1.1 | 0.12.0-1.1 | Feb 25, 2026 | mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack |
| CVE-2019-5427 | — | | | < 0.9.5.5-2.1 | 0.9.5.5-2.1 | Apr 22, 2019 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. |
| CVE-2018-20433 | — | | | < 0.9.5.5-1.3 | 0.9.5.5-1.3 | Dec 24, 2018 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. |