c3p0:c3p0@0.8.4.5 vulnerabilities
-
latest version
0.9.1.2
-
first published
19 years ago
-
latest version published
17 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the c3p0:c3p0 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to XML External Entity (XXE) Injection.
via the How to fix XML External Entity (XXE) Injection? There is no fixed version for |
[0,)
|
c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations. How to fix Denial of Service (DoS)? There is no fixed version for |
[0,)
|