Com.mchange:c3p0
This hub aggregates every CVE we track for Com.mchange:c3p0, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
2
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
HIGH1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 2 most recently published vulnerabilities affecting Com.mchange:c3p0.
- CVE-2019-5427c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.7.5
- CVE-2018-20433c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.9.8
Product normalization is registry-driven with AI assist and human review. How it works