rpm package
opensuse/mchange-commons&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/mchange-commons&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27830 | Hig | — | < 0.2.20-150400.3.3.1 | 0.2.20-150400.3.3.1 | Feb 26, 2026 | c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre | |
| CVE-2026-27727 | — | < 0.2.20-150400.3.3.1 | 0.2.20-150400.3.3.1 | Feb 25, 2026 | mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack |
- affected < 0.2.20-150400.3.3.1fixed 0.2.20-150400.3.3.1
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre
- CVE-2026-27727Feb 25, 2026affected < 0.2.20-150400.3.3.1fixed 0.2.20-150400.3.3.1
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack