Vulnerabilities > Mchange > C3P0 > 0.9.5.2

DATE CVE VULNERABILITY TITLE RISK
2018-12-24 CVE-2018-20433 XXE vulnerability in multiple products
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
network
low complexity
mchange debian CWE-611
critical
 9.8
9.8