rpm package

suse/spacewalk-web&distro=SUSE Manager Server Module 4.1

pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1

Vulnerabilities (22)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2019-5427		—		< 4.1.32-3.42.2	4.1.32-3.42.2	Apr 22, 2019	c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVE-2018-20433		—		< 4.1.32-3.42.2	4.1.32-3.42.2	Dec 24, 2018	c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

CVE-2019-5427Apr 22, 2019
affected < 4.1.32-3.42.2fixed 4.1.32-3.42.2
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVE-2018-20433Dec 24, 2018
affected < 4.1.32-3.42.2fixed 4.1.32-3.42.2
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Page 2 of 2